| OLD | NEW |
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/quic/crypto/quic_crypto_server_config.h" | 5 #include "net/quic/crypto/quic_crypto_server_config.h" |
| 6 | 6 |
| 7 #include <stdlib.h> | 7 #include <stdlib.h> |
| 8 | 8 |
| 9 #include <algorithm> | 9 #include <algorithm> |
| 10 | 10 |
| (...skipping 979 matching lines...) |
| 990 !CryptoUtils::IsValidSNI(info->sni)) { | 990 !CryptoUtils::IsValidSNI(info->sni)) { |
| 991 helper.ValidationComplete(QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER, | 991 helper.ValidationComplete(QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER, |
| 992 "Invalid SNI name"); | 992 "Invalid SNI name"); |
| 993 return; | 993 return; |
| 994 } | 994 } |
| 995 | 995 |
| 996 client_hello.GetStringPiece(kUAID, &info->user_agent_id); | 996 client_hello.GetStringPiece(kUAID, &info->user_agent_id); |
| 997 | 997 |
| 998 HandshakeFailureReason source_address_token_error = MAX_FAILURE_REASON; | 998 HandshakeFailureReason source_address_token_error = MAX_FAILURE_REASON; |
| 999 StringPiece srct; | 999 StringPiece srct; |
| 1000 if (FLAGS_quic_validate_stk_without_scid) { | 1000 if (client_hello.GetStringPiece(kSourceAddressTokenTag, &srct)) { |
| 1001 if (client_hello.GetStringPiece(kSourceAddressTokenTag, &srct)) { | 1001 Config& config = |
| 1002 Config& config = | 1002 requested_config != nullptr ? *requested_config : *primary_config; |
| 1003 requested_config != nullptr ? *requested_config : *primary_config; | 1003 source_address_token_error = |
| 1004 source_address_token_error = | 1004 ParseSourceAddressToken(config, srct, &info->source_address_tokens); |
| 1005 ParseSourceAddressToken(config, srct, &info->source_address_tokens); | |
| 1006 | 1005 |
| 1007 if (source_address_token_error == HANDSHAKE_OK) { | 1006 if (source_address_token_error == HANDSHAKE_OK) { |
| 1008 source_address_token_error = ValidateSourceAddressTokens( | 1007 source_address_token_error = ValidateSourceAddressTokens( |
| 1009 info->source_address_tokens, info->client_ip, info->now, | 1008 info->source_address_tokens, info->client_ip, info->now, |
| 1010 &client_hello_state->cached_network_params); | 1009 &client_hello_state->cached_network_params); |
| 1011 } | |
| 1012 info->valid_source_address_token = | |
| 1013 (source_address_token_error == HANDSHAKE_OK); | |
| 1014 } else { | |
| 1015 source_address_token_error = SOURCE_ADDRESS_TOKEN_INVALID_FAILURE; | |
| 1016 } | 1010 } |
| 1011 info->valid_source_address_token = |
| 1012 (source_address_token_error == HANDSHAKE_OK); |
| 1013 } else { |
| 1014 source_address_token_error = SOURCE_ADDRESS_TOKEN_INVALID_FAILURE; |
| 1017 } | 1015 } |
| 1018 | 1016 |
| 1019 if (!requested_config.get()) { | 1017 if (!requested_config.get()) { |
| 1020 StringPiece requested_scid; | 1018 StringPiece requested_scid; |
| 1021 if (client_hello.GetStringPiece(kSCID, &requested_scid)) { | 1019 if (client_hello.GetStringPiece(kSCID, &requested_scid)) { |
| 1022 info->reject_reasons.push_back(SERVER_CONFIG_UNKNOWN_CONFIG_FAILURE); | 1020 info->reject_reasons.push_back(SERVER_CONFIG_UNKNOWN_CONFIG_FAILURE); |
| 1023 } else { | 1021 } else { |
| 1024 info->reject_reasons.push_back(SERVER_CONFIG_INCHOATE_HELLO_FAILURE); | 1022 info->reject_reasons.push_back(SERVER_CONFIG_INCHOATE_HELLO_FAILURE); |
| 1025 } | 1023 } |
| 1026 // No server config with the requested ID. | 1024 // No server config with the requested ID. |
| 1027 helper.ValidationComplete(QUIC_NO_ERROR, ""); | 1025 helper.ValidationComplete(QUIC_NO_ERROR, ""); |
| 1028 return; | 1026 return; |
| 1029 } | 1027 } |
| 1030 | 1028 |
| 1031 if (!FLAGS_quic_validate_stk_without_scid) { | |
| 1032 if (client_hello.GetStringPiece(kSourceAddressTokenTag, &srct)) { | |
| 1033 source_address_token_error = ParseSourceAddressToken( | |
| 1034 *requested_config, srct, &info->source_address_tokens); | |
| 1035 | |
| 1036 if (source_address_token_error == HANDSHAKE_OK) { | |
| 1037 source_address_token_error = ValidateSourceAddressTokens( | |
| 1038 info->source_address_tokens, info->client_ip, info->now, | |
| 1039 &client_hello_state->cached_network_params); | |
| 1040 } | |
| 1041 info->valid_source_address_token = | |
| 1042 (source_address_token_error == HANDSHAKE_OK); | |
| 1043 } else { | |
| 1044 source_address_token_error = SOURCE_ADDRESS_TOKEN_INVALID_FAILURE; | |
| 1045 } | |
| 1046 } | |
| 1047 | |
| 1048 bool found_error = false; | 1029 bool found_error = false; |
| 1049 if (source_address_token_error != HANDSHAKE_OK) { | 1030 if (source_address_token_error != HANDSHAKE_OK) { |
| 1050 info->reject_reasons.push_back(source_address_token_error); | 1031 info->reject_reasons.push_back(source_address_token_error); |
| 1051 // No valid source address token. | 1032 // No valid source address token. |
| 1052 if (FLAGS_use_early_return_when_verifying_chlo) { | 1033 if (FLAGS_use_early_return_when_verifying_chlo) { |
| 1053 helper.ValidationComplete(QUIC_NO_ERROR, ""); | 1034 helper.ValidationComplete(QUIC_NO_ERROR, ""); |
| 1054 return; | 1035 return; |
| 1055 } | 1036 } |
| 1056 found_error = true; | 1037 found_error = true; |
| 1057 } | 1038 } |
| (...skipping 748 matching lines...) |
| 1806 priority(0), | 1787 priority(0), |
| 1807 source_address_token_boxer(nullptr) {} | 1788 source_address_token_boxer(nullptr) {} |
| 1808 | 1789 |
| 1809 QuicCryptoServerConfig::Config::~Config() { | 1790 QuicCryptoServerConfig::Config::~Config() { |
| 1810 STLDeleteElements(&key_exchanges); | 1791 STLDeleteElements(&key_exchanges); |
| 1811 } | 1792 } |
| 1812 | 1793 |
| 1813 QuicCryptoProof::QuicCryptoProof() {} | 1794 QuicCryptoProof::QuicCryptoProof() {} |
| 1814 QuicCryptoProof::~QuicCryptoProof() {} | 1795 QuicCryptoProof::~QuicCryptoProof() {} |
| 1815 } // namespace net | 1796 } // namespace net |
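Review bot: On the path where no requested config is found, the token failure reason is dropped: `source_address_token_error` is computed at new lines 1000–1015, but the early return at new line 1026 comes before `info->reject_reasons.push_back(source_address_token_error)` at new line 1031, so only `info->valid_source_address_token` carries the result to the caller. With the flag removed, the fallback to `*primary_config` is unconditional, so a source address token can be judged against a config the client did not name. If both are intended, say so above new line 1000, e.g. `// Validate the STK before the SCID lookup so valid_source_address_token is set even for an unknown config; the primary config is used when no requested config was found.` The two null tests on `requested_config` also differ (`!= nullptr` at new line 1002, `.get()` at new line 1017) and could use one form. The enclosing function begins and ends in the skipped regions, so the null-safety of `primary_config` and the initial value of `valid_source_address_token` when the token tag is absent cannot be confirmed from the visible lines.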
| OLD | NEW |