
Side by Side Diff: net/quic/crypto/quic_crypto_client_config.cc

Issue 1904213002: QUIC: support diversified keys with version 33. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@hkdf
Patch Set: Rebase Created 4 years, 8 months ago
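--- a/net/quic/crypto/quic_crypto_client_config.cc
+++ b/net/quic/crypto/quic_crypto_client_config.cc
@@ -1,10 +1,10 @@
 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/quic/crypto/quic_crypto_client_config.h"
 
 #include <memory>
 
 #include "base/metrics/histogram_macros.h"
 #include "base/stl_util.h"
@@ -480,20 +480,21 @@
 ++i) {
 hashes.push_back(QuicUtils::FNV1a_64_Hash(i->data(), i->size()));
 }
 out->SetVector(kCCRT, hashes);
 }
 }
 
 QuicErrorCode QuicCryptoClientConfig::FillClientHello(
 const QuicServerId& server_id,
 QuicConnectionId connection_id,
+const QuicVersion actual_version,
 const QuicVersion preferred_version,
 const CachedState* cached,
 QuicWallTime now,
 QuicRandom* rand,
 const ChannelIDKey* channel_id_key,
 QuicCryptoNegotiatedParameters* out_params,
 CryptoHandshakeMessage* out,
 string* error_details) const {
 DCHECK(error_details != nullptr);
 
@@ -646,21 +647,22 @@
 return QUIC_INVALID_CHANNEL_ID_SIGNATURE;
 }
 
 cetv.SetStringPiece(kCIDK, key);
 cetv.SetStringPiece(kCIDS, signature);
 
 CrypterPair crypters;
 if (!CryptoUtils::DeriveKeys(
 out_params->initial_premaster_secret, out_params->aead,
 out_params->client_nonce, out_params->server_nonce, hkdf_input,
-Perspective::IS_CLIENT, &crypters, nullptr /* subkey secret */)) {
+Perspective::IS_CLIENT, CryptoUtils::Diversification::Never(),
+&crypters, nullptr /* subkey secret */)) {
 *error_details = "Symmetric key setup failed";
 return QUIC_CRYPTO_SYMMETRIC_KEY_SETUP_FAILED;
 }
 
 const QuicData& cetv_plaintext = cetv.GetSerialized();
 const size_t encrypted_len =
 crypters.encrypter->GetCiphertextSize(cetv_plaintext.length());
 std::unique_ptr<char[]> output(new char[encrypted_len]);
 size_t output_size = 0;
 if (!crypters.encrypter->EncryptPacket(
@@ -696,24 +698,31 @@
 out_params->hkdf_input_suffix.append(certs[0]);
 }
 
 string hkdf_input;
 const size_t label_len = strlen(QuicCryptoConfig::kInitialLabel) + 1;
 hkdf_input.reserve(label_len + out_params->hkdf_input_suffix.size());
 hkdf_input.append(QuicCryptoConfig::kInitialLabel, label_len);
 hkdf_input.append(out_params->hkdf_input_suffix);
 
 string* subkey_secret = &out_params->initial_subkey_secret;
+
+// Only perform key diversification for QUIC versions 33 and later.
+// TODO(rch): remove the |actual_version| argument to this method when
+// QUIC_VERSION_32 is removed.
+CryptoUtils::Diversification diversification =
+actual_version > QUIC_VERSION_32 ? CryptoUtils::Diversification::Pending()
+: CryptoUtils::Diversification::Never();
 if (!CryptoUtils::DeriveKeys(out_params->initial_premaster_secret,
 out_params->aead, out_params->client_nonce,
 out_params->server_nonce, hkdf_input,
-Perspective::IS_CLIENT,
+Perspective::IS_CLIENT, diversification,
 &out_params->initial_crypters, subkey_secret)) {
 *error_details = "Symmetric key setup failed";
 return QUIC_CRYPTO_SYMMETRIC_KEY_SETUP_FAILED;
 }
 
 return QUIC_NO_ERROR;
 }
 
 QuicErrorCode QuicCryptoClientConfig::CacheNewServerConfig(
 const CryptoHandshakeMessage& message,
@@ -872,20 +881,21 @@
 const size_t label_len = strlen(QuicCryptoConfig::kForwardSecureLabel) + 1;
 hkdf_input.reserve(label_len + out_params->hkdf_input_suffix.size());
 hkdf_input.append(QuicCryptoConfig::kForwardSecureLabel, label_len);
 hkdf_input.append(out_params->hkdf_input_suffix);
 
 if (!CryptoUtils::DeriveKeys(
 out_params->forward_secure_premaster_secret, out_params->aead,
 out_params->client_nonce,
 shlo_nonce.empty() ? out_params->server_nonce : shlo_nonce,
 hkdf_input, Perspective::IS_CLIENT,
+CryptoUtils::Diversification::Never(),
 &out_params->forward_secure_crypters, &out_params->subkey_secret)) {
 *error_details = "Symmetric key setup failed";
 return QUIC_CRYPTO_SYMMETRIC_KEY_SETUP_FAILED;
 }
 
 return QUIC_NO_ERROR;
 }
 
 QuicErrorCode QuicCryptoClientConfig::ProcessServerConfigUpdate(
 const CryptoHandshakeMessage& server_config_update,
@@ -982,10 +992,10 @@
 }
 
 // Update canonical version to point at the "most recent" entry.
 canonical_server_map_[suffix_server_id] = server_id;
 
 server_state->InitializeFrom(*canonical_state);
 return true;
 }
 
 } // namespace net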
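Review bot: In the FillClientHello signature the new `actual_version` sits directly before `preferred_version` with the same type `const QuicVersion`, so a call site that swaps the two compiles cleanly and silently changes the outcome of the `actual_version > QUIC_VERSION_32` test that decides whether the initial keys are diversified. A comment on the parameter would make the distinction explicit, for example `// |actual_version| is the version in use on this connection and alone selects key diversification.`; the role of `preferred_version` lies in the skipped lines, so check the wording against them. The two `CryptoUtils::Diversification::Never()` call sites, for the CETV crypters and for the forward-secure keys, give no reason why those keys are exempt, and a one-line why-comment at each would help the next reader of this key schedule. Both enclosing function bodies are only partly visible in this view.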