Landing Recent QUIC changes until 2016-03-15 16:26 UTC

net/quic/crypto/quic_crypto_server_config.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/quic/crypto/quic_crypto_server_config.h"
 
 #include <stdlib.h>
 
 #include <algorithm>
 
@@ skipping 274 matching lines @@
                                  p256_public_value.size());
   }
 
   msg.set_tag(kSCFG);
   if (options.p256) {
     msg.SetTaglist(kKEXS, kC255, kP256, 0);
   } else {
     msg.SetTaglist(kKEXS, kC255, 0);
   }
   if (FLAGS_quic_crypto_server_config_default_has_chacha20) {
-    if (FLAGS_quic_use_rfc7539 &&
-        ChaCha20Poly1305Rfc7539Encrypter::IsSupported()) {
+    if (ChaCha20Poly1305Rfc7539Encrypter::IsSupported()) {
       msg.SetTaglist(kAEAD, kAESG, kCC12, kCC20, 0);
     } else {
       msg.SetTaglist(kAEAD, kAESG, kCC12, 0);
     }
   } else {
     msg.SetTaglist(kAEAD, kAESG, 0);
   }
   msg.SetStringPiece(kPUBS, encoded_public_values);
 
   if (options.expiry_time.IsZero()) {
@@ skipping 240 matching lines @@
     const ValidateClientHelloResultCallback::Result& validate_chlo_result,
     QuicConnectionId connection_id,
     const IPAddress& server_ip,
     const IPEndPoint& client_address,
     QuicVersion version,
     const QuicVersionVector& supported_versions,
     bool use_stateless_rejects,
     QuicConnectionId server_designated_connection_id,
     const QuicClock* clock,
     QuicRandom* rand,
+    QuicCompressedCertsCache* compressed_certs_cache,
     QuicCryptoNegotiatedParameters* params,
     QuicCryptoProof* crypto_proof,
     CryptoHandshakeMessage* out,
     string* error_details) const {
   DCHECK(error_details);
 
   const CryptoHandshakeMessage& client_hello =
       validate_chlo_result.client_hello;
   const ClientHelloInfo& info = validate_chlo_result.info;
 
@@ skipping 55 matching lines @@
     if (client_hello.GetStringPiece(kCertificateSCTTag, &cert_sct) &&
         cert_sct.empty()) {
       params->sct_supported_by_client = true;
     }
   }
 
   if (!info.reject_reasons.empty() || !requested_config.get()) {
     BuildRejection(version, *primary_config, client_hello, info,
                    validate_chlo_result.cached_network_params,
                    use_stateless_rejects, server_designated_connection_id, rand,
-                   params, *crypto_proof, out);
+                   compressed_certs_cache, params, *crypto_proof, out);
     return QUIC_NO_ERROR;
   }
 
   const QuicTag* their_aeads;
   const QuicTag* their_key_exchanges;
   size_t num_their_aeads, num_their_key_exchanges;
   if (client_hello.GetTaglist(kAEAD, &their_aeads, &num_their_aeads) !=
           QUIC_NO_ERROR ||
       client_hello.GetTaglist(kKEXS, &their_key_exchanges,
                               &num_their_key_exchanges) != QUIC_NO_ERROR ||
@@ skipping 414 matching lines @@
     if (!ValidateExpectedLeafCertificate(client_hello, *crypto_proof)) {
       found_error = true;
       info->reject_reasons.push_back(INVALID_EXPECTED_LEAF_CERTIFICATE);
     }
   }
 
   if (!client_hello.GetStringPiece(kNONC, &info->client_nonce) ||
       info->client_nonce.size() != kNonceSize) {
     info->reject_reasons.push_back(CLIENT_NONCE_INVALID_FAILURE);
     // Invalid client nonce.
+    LOG(ERROR) << "Invalid client nonce: " << client_hello.DebugString();
     DVLOG(1) << "Invalid client nonce.";
     if (FLAGS_use_early_return_when_verifying_chlo) {
       helper.ValidationComplete(QUIC_NO_ERROR, "");
       return;
     }
     found_error = true;
   }
 
   // Server nonce is optional, and used for key derivation if present.
   client_hello.GetStringPiece(kServerNonceTag, &info->server_nonce);
@@ skipping 66 matching lines @@
   helper.StartedAsyncCallback();
 }
 
 bool QuicCryptoServerConfig::BuildServerConfigUpdateMessage(
     QuicVersion version,
     const SourceAddressTokens& previous_source_address_tokens,
     const IPAddress& server_ip,
     const IPAddress& client_ip,
     const QuicClock* clock,
     QuicRandom* rand,
+    QuicCompressedCertsCache* compressed_certs_cache,
     const QuicCryptoNegotiatedParameters& params,
     const CachedNetworkParameters* cached_network_params,
     CryptoHandshakeMessage* out) const {
   base::AutoLock locked(configs_lock_);
   out->set_tag(kSCUP);
   out->SetStringPiece(kSCFG, primary_config_->serialized);
   out->SetStringPiece(
       kSourceAddressTokenTag,
       NewSourceAddressToken(*primary_config_.get(),
                             previous_source_address_tokens, client_ip, rand,
                             clock->WallNow(), cached_network_params));
 
   scoped_refptr<ProofSource::Chain> chain;
   string signature;
   string cert_sct;
   if (!proof_source_->GetProof(server_ip, params.sni,
                                primary_config_->serialized, version,
                                params.client_nonce, params.x509_ecdsa_supported,
                                &chain, &signature, &cert_sct)) {
     DVLOG(1) << "Server: failed to get proof.";
     return false;
   }
 
-  const string compressed = CertCompressor::CompressChain(
-      chain->certs, params.client_common_set_hashes,
+  const string compressed = CompressChain(
+      compressed_certs_cache, chain, params.client_common_set_hashes,
       params.client_cached_cert_hashes, primary_config_->common_cert_sets);
 
   out->SetStringPiece(kCertificateTag, compressed);
   out->SetStringPiece(kPROF, signature);
   if (params.sct_supported_by_client && version > QUIC_VERSION_29 &&
       enable_serving_sct_) {
     if (cert_sct.empty()) {
       DLOG(WARNING) << "SCT is expected but it is empty.";
     } else {
       out->SetStringPiece(kCertificateSCTTag, cert_sct);
     }
   }
   return true;
 }
 
 void QuicCryptoServerConfig::BuildRejection(
     QuicVersion version,
     const Config& config,
     const CryptoHandshakeMessage& client_hello,
     const ClientHelloInfo& info,
     const CachedNetworkParameters& cached_network_params,
     bool use_stateless_rejects,
     QuicConnectionId server_designated_connection_id,
     QuicRandom* rand,
+    QuicCompressedCertsCache* compressed_certs_cache,
     QuicCryptoNegotiatedParameters* params,
     const QuicCryptoProof& crypto_proof,
     CryptoHandshakeMessage* out) const {
   if (FLAGS_enable_quic_stateless_reject_support && use_stateless_rejects) {
     DVLOG(1) << "QUIC Crypto server config returning stateless reject "
              << "with server-designated connection ID "
              << server_designated_connection_id;
     out->set_tag(kSREJ);
     out->SetValue(kRCID, server_designated_connection_id);
   } else {
@@ skipping 23 matching lines @@
   StringPiece client_common_set_hashes;
   if (client_hello.GetStringPiece(kCCS, &client_common_set_hashes)) {
     params->client_common_set_hashes = client_common_set_hashes.as_string();
   }
 
   StringPiece client_cached_cert_hashes;
   if (client_hello.GetStringPiece(kCCRT, &client_cached_cert_hashes)) {
     params->client_cached_cert_hashes = client_cached_cert_hashes.as_string();
   }
 
-  const string compressed = CertCompressor::CompressChain(
-      crypto_proof.chain->certs, params->client_common_set_hashes,
-      params->client_cached_cert_hashes, config.common_cert_sets);
+  const string compressed =
+      CompressChain(compressed_certs_cache, crypto_proof.chain,
+                    params->client_common_set_hashes,
+                    params->client_cached_cert_hashes, config.common_cert_sets);
 
   // kREJOverheadBytes is a very rough estimate of how much of a REJ
   // message is taken up by things other than the certificates.
   // STK: 56 bytes
   // SNO: 56 bytes
   // SCFG
   //   SCID: 16 bytes
   //   PUBS: 38 bytes
   const size_t kREJOverheadBytes = 166;
   // max_unverified_size is the number of bytes that the certificate chain,
@@ skipping 14 matching lines @@
     if (should_return_sct) {
       if (crypto_proof.cert_sct.empty()) {
         DLOG(WARNING) << "SCT is expected but it is empty.";
       } else {
         out->SetStringPiece(kCertificateSCTTag, crypto_proof.cert_sct);
       }
     }
   }
 }
 
+const string QuicCryptoServerConfig::CompressChain(
+    QuicCompressedCertsCache* compressed_certs_cache,
+    const scoped_refptr<ProofSource::Chain>& chain,
+    const string& client_common_set_hashes,
+    const string& client_cached_cert_hashes,
+    const CommonCertSets* common_sets) const {
+  // Check whether the compressed certs is available in the cache.
+  if (FLAGS_quic_use_cached_compressed_certs) {
+    DCHECK(compressed_certs_cache);
+    const string* cached_value = compressed_certs_cache->GetCompressedCert(
+        chain, client_common_set_hashes, client_cached_cert_hashes);
+    if (cached_value) {
+      return *cached_value;
+    }
+  }
+
+  const string compressed =
+      CertCompressor::CompressChain(chain->certs, client_common_set_hashes,
+                                    client_common_set_hashes, common_sets);
+
+  // Insert the newly compressed cert to cache.
+  if (FLAGS_quic_use_cached_compressed_certs) {
+    compressed_certs_cache->Insert(chain, client_common_set_hashes,
+                                   client_cached_cert_hashes, compressed);
+  }
+  return compressed;
+}
+
 scoped_refptr<QuicCryptoServerConfig::Config>
 QuicCryptoServerConfig::ParseConfigProtobuf(
     QuicServerConfigProtobuf* protobuf) {
   scoped_ptr<CryptoHandshakeMessage> msg(
       CryptoFramer::ParseMessage(protobuf->config()));
 
   if (msg->tag() != kSCFG) {
     LOG(WARNING) << "Server config message has tag " << msg->tag()
                  << " expected " << kSCFG;
     return nullptr;
@@ skipping 488 matching lines @@
       priority(0),
       source_address_token_boxer(nullptr) {}
 
 QuicCryptoServerConfig::Config::~Config() {
   STLDeleteElements(&key_exchanges);
 }
 
 QuicCryptoProof::QuicCryptoProof() {}
 QuicCryptoProof::~QuicCryptoProof() {}
 }  // namespace net