OLD | NEW |
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/quic/crypto/quic_crypto_server_config.h" | 5 #include "net/quic/crypto/quic_crypto_server_config.h" |
6 | 6 |
7 #include <stdlib.h> | 7 #include <stdlib.h> |
8 | 8 |
9 #include <algorithm> | 9 #include <algorithm> |
10 #include <memory> | 10 #include <memory> |
1153 } | 1153 } |
1154 | 1154 |
1155 strike_register_client->VerifyNonceIsValidAndUnique( | 1155 strike_register_client->VerifyNonceIsValidAndUnique( |
1156 info->client_nonce, info->now, | 1156 info->client_nonce, info->now, |
1157 new VerifyNonceIsValidAndUniqueCallback(client_hello_state, done_cb)); | 1157 new VerifyNonceIsValidAndUniqueCallback(client_hello_state, done_cb)); |
1158 helper.StartedAsyncCallback(); | 1158 helper.StartedAsyncCallback(); |
1159 } | 1159 } |
1160 | 1160 |
1161 bool QuicCryptoServerConfig::BuildServerConfigUpdateMessage( | 1161 bool QuicCryptoServerConfig::BuildServerConfigUpdateMessage( |
1162 QuicVersion version, | 1162 QuicVersion version, |
| 1163 StringPiece chlo_hash, |
1163 const SourceAddressTokens& previous_source_address_tokens, | 1164 const SourceAddressTokens& previous_source_address_tokens, |
1164 const IPAddress& server_ip, | 1165 const IPAddress& server_ip, |
1165 const IPAddress& client_ip, | 1166 const IPAddress& client_ip, |
1166 const QuicClock* clock, | 1167 const QuicClock* clock, |
1167 QuicRandom* rand, | 1168 QuicRandom* rand, |
1168 QuicCompressedCertsCache* compressed_certs_cache, | 1169 QuicCompressedCertsCache* compressed_certs_cache, |
1169 const QuicCryptoNegotiatedParameters& params, | 1170 const QuicCryptoNegotiatedParameters& params, |
1170 const CachedNetworkParameters* cached_network_params, | 1171 const CachedNetworkParameters* cached_network_params, |
1171 CryptoHandshakeMessage* out) const { | 1172 CryptoHandshakeMessage* out) const { |
1172 base::AutoLock locked(configs_lock_); | 1173 base::AutoLock locked(configs_lock_); |
1173 out->set_tag(kSCUP); | 1174 out->set_tag(kSCUP); |
1174 out->SetStringPiece(kSCFG, primary_config_->serialized); | 1175 out->SetStringPiece(kSCFG, primary_config_->serialized); |
1175 out->SetStringPiece( | 1176 out->SetStringPiece( |
1176 kSourceAddressTokenTag, | 1177 kSourceAddressTokenTag, |
1177 NewSourceAddressToken(*primary_config_.get(), | 1178 NewSourceAddressToken(*primary_config_.get(), |
1178 previous_source_address_tokens, client_ip, rand, | 1179 previous_source_address_tokens, client_ip, rand, |
1179 clock->WallNow(), cached_network_params)); | 1180 clock->WallNow(), cached_network_params)); |
1180 | 1181 |
1181 scoped_refptr<ProofSource::Chain> chain; | 1182 scoped_refptr<ProofSource::Chain> chain; |
1182 string signature; | 1183 string signature; |
1183 string cert_sct; | 1184 string cert_sct; |
1184 if (!proof_source_->GetProof(server_ip, params.sni, | 1185 if (FLAGS_quic_use_hash_in_scup) { |
1185 primary_config_->serialized, version, | 1186 if (!proof_source_->GetProof(server_ip, params.sni, |
1186 params.client_nonce, params.x509_ecdsa_supported, | 1187 primary_config_->serialized, version, |
1187 &chain, &signature, &cert_sct)) { | 1188 chlo_hash, params.x509_ecdsa_supported, &chain, |
1188 DVLOG(1) << "Server: failed to get proof."; | 1189 &signature, &cert_sct)) { |
1189 return false; | 1190 DVLOG(1) << "Server: failed to get proof."; |
| 1191 return false; |
| 1192 } |
| 1193 } else { |
| 1194 if (!proof_source_->GetProof( |
| 1195 server_ip, params.sni, primary_config_->serialized, version, |
| 1196 params.client_nonce, params.x509_ecdsa_supported, &chain, |
| 1197 &signature, &cert_sct)) { |
| 1198 DVLOG(1) << "Server: failed to get proof."; |
| 1199 return false; |
| 1200 } |
1190 } | 1201 } |
1191 | 1202 |
1192 const string compressed = CompressChain( | 1203 const string compressed = CompressChain( |
1193 compressed_certs_cache, chain, params.client_common_set_hashes, | 1204 compressed_certs_cache, chain, params.client_common_set_hashes, |
1194 params.client_cached_cert_hashes, primary_config_->common_cert_sets); | 1205 params.client_cached_cert_hashes, primary_config_->common_cert_sets); |
1195 | 1206 |
1196 out->SetStringPiece(kCertificateTag, compressed); | 1207 out->SetStringPiece(kCertificateTag, compressed); |
1197 out->SetStringPiece(kPROF, signature); | 1208 out->SetStringPiece(kPROF, signature); |
1198 if (params.sct_supported_by_client && version > QUIC_VERSION_29 && | 1209 if (params.sct_supported_by_client && version > QUIC_VERSION_29 && |
1199 enable_serving_sct_) { | 1210 enable_serving_sct_) { |
1822 priority(0), | 1833 priority(0), |
1823 source_address_token_boxer(nullptr) {} | 1834 source_address_token_boxer(nullptr) {} |
1824 | 1835 |
1825 QuicCryptoServerConfig::Config::~Config() { | 1836 QuicCryptoServerConfig::Config::~Config() { |
1826 STLDeleteElements(&key_exchanges); | 1837 STLDeleteElements(&key_exchanges); |
1827 } | 1838 } |
1828 | 1839 |
1829 QuicCryptoProof::QuicCryptoProof() {} | 1840 QuicCryptoProof::QuicCryptoProof() {} |
1830 QuicCryptoProof::~QuicCryptoProof() {} | 1841 QuicCryptoProof::~QuicCryptoProof() {} |
1831 } // namespace net | 1842 } // namespace net |
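Review bot: In BuildServerConfigUpdateMessage (new lines 1185-1201), `chlo_hash` is handed to `GetProof` unchecked when `FLAGS_quic_use_hash_in_scup` is set, so a caller that passes an empty StringPiece would presumably get a proof that is not tied to this client's CHLO; whether `GetProof` rejects that input is not visible here. Consider failing early with `if (FLAGS_quic_use_hash_in_scup && chlo_hash.empty()) return false;`, logged with a DVLOG like the existing "failed to get proof" one. The two `GetProof` calls differ only in their fifth argument, so choosing it once, `const StringPiece binding = FLAGS_quic_use_hash_in_scup ? chlo_hash : StringPiece(params.client_nonce);`, and keeping a single call would stop the two branches of this signing path from drifting apart. The rest of the function body is collapsed on this page, so this covers only the visible part.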