OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/quic/quic_crypto_server_stream.h" | 5 #include "net/quic/quic_crypto_server_stream.h" |
6 | 6 |
7 #include <memory> | 7 #include <memory> |
8 | 8 |
9 #include "base/base64.h" | 9 #include "base/base64.h" |
10 #include "crypto/secure_hash.h" | 10 #include "crypto/secure_hash.h" |
(...skipping 97 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
108 // Already processing some other handshake message. The protocol | 108 // Already processing some other handshake message. The protocol |
109 // does not allow for clients to send multiple handshake messages | 109 // does not allow for clients to send multiple handshake messages |
110 // before the server has a chance to respond. | 110 // before the server has a chance to respond. |
111 CloseConnectionWithDetails( | 111 CloseConnectionWithDetails( |
112 QUIC_CRYPTO_MESSAGE_WHILE_VALIDATING_CLIENT_HELLO, | 112 QUIC_CRYPTO_MESSAGE_WHILE_VALIDATING_CLIENT_HELLO, |
113 "Unexpected handshake message while processing CHLO"); | 113 "Unexpected handshake message while processing CHLO"); |
114 return; | 114 return; |
115 } | 115 } |
116 | 116 |
117 validate_client_hello_cb_ = new ValidateCallback(this); | 117 validate_client_hello_cb_ = new ValidateCallback(this); |
118 return crypto_config_->ValidateClientHello( | 118 crypto_config_->ValidateClientHello( |
119 message, session()->connection()->peer_address().address(), | 119 message, session()->connection()->peer_address().address(), |
120 session()->connection()->self_address().address(), version(), | 120 session()->connection()->self_address().address(), version(), |
121 session()->connection()->clock(), &crypto_proof_, | 121 session()->connection()->clock(), &crypto_proof_, |
122 validate_client_hello_cb_); | 122 validate_client_hello_cb_); |
123 } | 123 } |
124 | 124 |
125 void QuicCryptoServerStream::FinishProcessingHandshakeMessage( | 125 void QuicCryptoServerStream::FinishProcessingHandshakeMessage( |
126 const CryptoHandshakeMessage& message, | 126 const CryptoHandshakeMessage& message, |
127 const ValidateClientHelloResultCallback::Result& result) { | 127 const ValidateClientHelloResultCallback::Result& result) { |
128 // Clear the callback that got us here. | 128 // Clear the callback that got us here. |
129 DCHECK(validate_client_hello_cb_ != nullptr); | 129 DCHECK(validate_client_hello_cb_ != nullptr); |
130 validate_client_hello_cb_ = nullptr; | 130 validate_client_hello_cb_ = nullptr; |
131 | 131 |
132 if (use_stateless_rejects_if_peer_supported_) { | 132 if (use_stateless_rejects_if_peer_supported_) { |
133 peer_supports_stateless_rejects_ = DoesPeerSupportStatelessRejects(message); | 133 peer_supports_stateless_rejects_ = DoesPeerSupportStatelessRejects(message); |
134 } | 134 } |
135 | 135 |
136 CryptoHandshakeMessage reply; | 136 CryptoHandshakeMessage reply; |
| 137 DiversificationNonce diversification_nonce; |
137 string error_details; | 138 string error_details; |
138 QuicErrorCode error = | 139 QuicErrorCode error = ProcessClientHello( |
139 ProcessClientHello(message, result, &reply, &error_details); | 140 message, result, &reply, &diversification_nonce, &error_details); |
140 | 141 |
141 if (error != QUIC_NO_ERROR) { | 142 if (error != QUIC_NO_ERROR) { |
142 CloseConnectionWithDetails(error, error_details); | 143 CloseConnectionWithDetails(error, error_details); |
143 return; | 144 return; |
144 } | 145 } |
145 | 146 |
146 if (reply.tag() != kSHLO) { | 147 if (reply.tag() != kSHLO) { |
147 if (reply.tag() == kSREJ) { | 148 if (reply.tag() == kSREJ) { |
148 DCHECK(use_stateless_rejects_if_peer_supported_); | 149 DCHECK(use_stateless_rejects_if_peer_supported_); |
149 DCHECK(peer_supports_stateless_rejects_); | 150 DCHECK(peer_supports_stateless_rejects_); |
(...skipping 40 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
190 // NOTE: the SHLO will be encrypted with the new server write key. | 191 // NOTE: the SHLO will be encrypted with the new server write key. |
191 session()->connection()->SetEncrypter( | 192 session()->connection()->SetEncrypter( |
192 ENCRYPTION_INITIAL, | 193 ENCRYPTION_INITIAL, |
193 crypto_negotiated_params_.initial_crypters.encrypter.release()); | 194 crypto_negotiated_params_.initial_crypters.encrypter.release()); |
194 session()->connection()->SetDefaultEncryptionLevel(ENCRYPTION_INITIAL); | 195 session()->connection()->SetDefaultEncryptionLevel(ENCRYPTION_INITIAL); |
195 // Set the decrypter immediately so that we no longer accept unencrypted | 196 // Set the decrypter immediately so that we no longer accept unencrypted |
196 // packets. | 197 // packets. |
197 session()->connection()->SetDecrypter( | 198 session()->connection()->SetDecrypter( |
198 ENCRYPTION_INITIAL, | 199 ENCRYPTION_INITIAL, |
199 crypto_negotiated_params_.initial_crypters.decrypter.release()); | 200 crypto_negotiated_params_.initial_crypters.decrypter.release()); |
| 201 if (version() > QUIC_VERSION_32) { |
| 202 session()->connection()->SetDiversificationNonce(diversification_nonce); |
| 203 } |
200 | 204 |
201 // We want to be notified when the SHLO is ACKed so that we can disable | 205 // We want to be notified when the SHLO is ACKed so that we can disable |
202 // HANDSHAKE_MODE in the sent packet manager. | 206 // HANDSHAKE_MODE in the sent packet manager. |
203 scoped_refptr<ServerHelloNotifier> server_hello_notifier( | 207 scoped_refptr<ServerHelloNotifier> server_hello_notifier( |
204 new ServerHelloNotifier(this)); | 208 new ServerHelloNotifier(this)); |
205 SendHandshakeMessage(reply, server_hello_notifier.get()); | 209 SendHandshakeMessage(reply, server_hello_notifier.get()); |
206 | 210 |
207 session()->connection()->SetEncrypter( | 211 session()->connection()->SetEncrypter( |
208 ENCRYPTION_FORWARD_SECURE, | 212 ENCRYPTION_FORWARD_SECURE, |
209 crypto_negotiated_params_.forward_secure_crypters.encrypter.release()); | 213 crypto_negotiated_params_.forward_secure_crypters.encrypter.release()); |
(...skipping 101 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
311 output->resize(len); | 315 output->resize(len); |
312 } | 316 } |
313 } | 317 } |
314 return true; | 318 return true; |
315 } | 319 } |
316 | 320 |
317 QuicErrorCode QuicCryptoServerStream::ProcessClientHello( | 321 QuicErrorCode QuicCryptoServerStream::ProcessClientHello( |
318 const CryptoHandshakeMessage& message, | 322 const CryptoHandshakeMessage& message, |
319 const ValidateClientHelloResultCallback::Result& result, | 323 const ValidateClientHelloResultCallback::Result& result, |
320 CryptoHandshakeMessage* reply, | 324 CryptoHandshakeMessage* reply, |
| 325 DiversificationNonce* out_diversification_nonce, |
321 string* error_details) { | 326 string* error_details) { |
322 if (!result.info.server_nonce.empty()) { | 327 if (!result.info.server_nonce.empty()) { |
323 ++num_handshake_messages_with_server_nonces_; | 328 ++num_handshake_messages_with_server_nonces_; |
324 } | 329 } |
325 // Store the bandwidth estimate from the client. | 330 // Store the bandwidth estimate from the client. |
326 if (result.cached_network_params.bandwidth_estimate_bytes_per_second() > 0) { | 331 if (result.cached_network_params.bandwidth_estimate_bytes_per_second() > 0) { |
327 previous_cached_network_params_.reset( | 332 previous_cached_network_params_.reset( |
328 new CachedNetworkParameters(result.cached_network_params)); | 333 new CachedNetworkParameters(result.cached_network_params)); |
329 } | 334 } |
330 previous_source_address_tokens_ = result.info.source_address_tokens; | 335 previous_source_address_tokens_ = result.info.source_address_tokens; |
331 | 336 |
332 const bool use_stateless_rejects_in_crypto_config = | 337 const bool use_stateless_rejects_in_crypto_config = |
333 use_stateless_rejects_if_peer_supported_ && | 338 use_stateless_rejects_if_peer_supported_ && |
334 peer_supports_stateless_rejects_; | 339 peer_supports_stateless_rejects_; |
335 QuicConnection* connection = session()->connection(); | 340 QuicConnection* connection = session()->connection(); |
336 const QuicConnectionId server_designated_connection_id = | 341 const QuicConnectionId server_designated_connection_id = |
337 use_stateless_rejects_in_crypto_config | 342 use_stateless_rejects_in_crypto_config |
338 ? GenerateConnectionIdForReject(connection->connection_id()) | 343 ? GenerateConnectionIdForReject(connection->connection_id()) |
339 : 0; | 344 : 0; |
340 return crypto_config_->ProcessClientHello( | 345 return crypto_config_->ProcessClientHello( |
341 result, connection->connection_id(), connection->self_address().address(), | 346 result, connection->connection_id(), connection->self_address().address(), |
342 connection->peer_address(), version(), connection->supported_versions(), | 347 connection->peer_address(), version(), connection->supported_versions(), |
343 use_stateless_rejects_in_crypto_config, server_designated_connection_id, | 348 use_stateless_rejects_in_crypto_config, server_designated_connection_id, |
344 connection->clock(), connection->random_generator(), | 349 connection->clock(), connection->random_generator(), |
345 compressed_certs_cache_, &crypto_negotiated_params_, &crypto_proof_, | 350 compressed_certs_cache_, &crypto_negotiated_params_, &crypto_proof_, |
346 reply, error_details); | 351 reply, out_diversification_nonce, error_details); |
347 } | 352 } |
348 | 353 |
349 void QuicCryptoServerStream::OverrideQuicConfigDefaults(QuicConfig* config) {} | 354 void QuicCryptoServerStream::OverrideQuicConfigDefaults(QuicConfig* config) {} |
350 | 355 |
351 QuicCryptoServerStream::ValidateCallback::ValidateCallback( | 356 QuicCryptoServerStream::ValidateCallback::ValidateCallback( |
352 QuicCryptoServerStream* parent) | 357 QuicCryptoServerStream* parent) |
353 : parent_(parent) {} | 358 : parent_(parent) {} |
354 | 359 |
355 void QuicCryptoServerStream::ValidateCallback::Cancel() { | 360 void QuicCryptoServerStream::ValidateCallback::Cancel() { |
356 parent_ = nullptr; | 361 parent_ = nullptr; |
(...skipping 26 matching lines...) Expand all Loading... |
383 } | 388 } |
384 for (size_t i = 0; i < received_tags_length; ++i) { | 389 for (size_t i = 0; i < received_tags_length; ++i) { |
385 if (received_tags[i] == kSREJ) { | 390 if (received_tags[i] == kSREJ) { |
386 return true; | 391 return true; |
387 } | 392 } |
388 } | 393 } |
389 return false; | 394 return false; |
390 } | 395 } |
391 | 396 |
392 } // namespace net | 397 } // namespace net |
OLD | NEW |