
Side by Side Diff: net/quic/crypto/quic_crypto_client_config.cc

Issue 209413005: Move Window's specific logic for disabling ECDSA from QuicCryptoyclientConfig (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 6 years, 9 months ago
OLDNEW
1 // Copyright 2013 The Chromium Authors. All rights reserved. 1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/quic/crypto/quic_crypto_client_config.h" 5 #include "net/quic/crypto/quic_crypto_client_config.h"
6 6
7 #include "base/stl_util.h" 7 #include "base/stl_util.h"
8 #include "base/strings/string_util.h" 8 #include "base/strings/string_util.h"
9 #include "net/quic/crypto/cert_compressor.h" 9 #include "net/quic/crypto/cert_compressor.h"
10 #include "net/quic/crypto/channel_id.h" 10 #include "net/quic/crypto/channel_id.h"
11 #include "net/quic/crypto/common_cert_set.h" 11 #include "net/quic/crypto/common_cert_set.h"
12 #include "net/quic/crypto/crypto_framer.h" 12 #include "net/quic/crypto/crypto_framer.h"
13 #include "net/quic/crypto/crypto_utils.h" 13 #include "net/quic/crypto/crypto_utils.h"
14 #include "net/quic/crypto/curve25519_key_exchange.h" 14 #include "net/quic/crypto/curve25519_key_exchange.h"
15 #include "net/quic/crypto/key_exchange.h" 15 #include "net/quic/crypto/key_exchange.h"
16 #include "net/quic/crypto/p256_key_exchange.h" 16 #include "net/quic/crypto/p256_key_exchange.h"
17 #include "net/quic/crypto/proof_verifier.h" 17 #include "net/quic/crypto/proof_verifier.h"
18 #include "net/quic/crypto/quic_encrypter.h" 18 #include "net/quic/crypto/quic_encrypter.h"
19 #include "net/quic/quic_session_key.h" 19 #include "net/quic/quic_session_key.h"
20 #include "net/quic/quic_utils.h" 20 #include "net/quic/quic_utils.h"
21 21
22 #if defined(OS_WIN)
23 #include "base/win/windows_version.h"
24 #endif
25
26 using base::StringPiece; 22 using base::StringPiece;
27 using std::make_pair; 23 using std::make_pair;
28 using std::map; 24 using std::map;
29 using std::string; 25 using std::string;
30 using std::vector; 26 using std::vector;
31 27
32 namespace net { 28 namespace net {
33 29
34 QuicCryptoClientConfig::QuicCryptoClientConfig() {} 30 QuicCryptoClientConfig::QuicCryptoClientConfig()
31 : disable_ecdsa_(false) {}
35 32
36 QuicCryptoClientConfig::~QuicCryptoClientConfig() { 33 QuicCryptoClientConfig::~QuicCryptoClientConfig() {
37 STLDeleteValues(&cached_states_); 34 STLDeleteValues(&cached_states_);
38 } 35 }
39 36
40 QuicCryptoClientConfig::CachedState::CachedState() 37 QuicCryptoClientConfig::CachedState::CachedState()
41 : server_config_valid_(false), 38 : server_config_valid_(false),
42 generation_counter_(0) {} 39 generation_counter_(0) {}
43 40
44 QuicCryptoClientConfig::CachedState::~CachedState() {} 41 QuicCryptoClientConfig::CachedState::~CachedState() {}
(...skipping 201 matching lines...) Expand 10 before | Expand all | Expand 10 after
246 243
247 void QuicCryptoClientConfig::SetDefaults() { 244 void QuicCryptoClientConfig::SetDefaults() {
248 // Key exchange methods. 245 // Key exchange methods.
249 kexs.resize(2); 246 kexs.resize(2);
250 kexs[0] = kC255; 247 kexs[0] = kC255;
251 kexs[1] = kP256; 248 kexs[1] = kP256;
252 249
253 // Authenticated encryption algorithms. 250 // Authenticated encryption algorithms.
254 aead.resize(1); 251 aead.resize(1);
255 aead[0] = kAESG; 252 aead[0] = kAESG;
253
254 disable_ecdsa_ = false;
256 } 255 }
257 256
258 QuicCryptoClientConfig::CachedState* QuicCryptoClientConfig::LookupOrCreate( 257 QuicCryptoClientConfig::CachedState* QuicCryptoClientConfig::LookupOrCreate(
259 const QuicSessionKey& server_key) { 258 const QuicSessionKey& server_key) {
260 CachedStateMap::const_iterator it = cached_states_.find(server_key); 259 CachedStateMap::const_iterator it = cached_states_.find(server_key);
261 if (it != cached_states_.end()) { 260 if (it != cached_states_.end()) {
262 return it->second; 261 return it->second;
263 } 262 }
264 263
265 CachedState* cached = new CachedState; 264 CachedState* cached = new CachedState;
(...skipping 16 matching lines...) Expand all
282 if (CryptoUtils::IsValidSNI(server_key.host())) { 281 if (CryptoUtils::IsValidSNI(server_key.host())) {
283 out->SetStringPiece(kSNI, server_key.host()); 282 out->SetStringPiece(kSNI, server_key.host());
284 } 283 }
285 out->SetValue(kVER, QuicVersionToQuicTag(preferred_version)); 284 out->SetValue(kVER, QuicVersionToQuicTag(preferred_version));
286 285
287 if (!cached->source_address_token().empty()) { 286 if (!cached->source_address_token().empty()) {
288 out->SetStringPiece(kSourceAddressTokenTag, cached->source_address_token()); 287 out->SetStringPiece(kSourceAddressTokenTag, cached->source_address_token());
289 } 288 }
290 289
291 if (server_key.is_https()) { 290 if (server_key.is_https()) {
292 // Don't request ECDSA proofs on platforms that do not support ECDSA 291 if (disable_ecdsa_) {
293 // certificates.
wtc 2014/03/25 14:58:11 We should move this comment to either quic_crypto_
Ryan Hamilton 2014/03/27 19:06:39 Done.
294 bool disableECDSA = false;
295 #if defined(OS_WIN)
296 if (base::win::GetVersion() < base::win::VERSION_VISTA)
297 disableECDSA = true;
298 #endif
299 if (disableECDSA) {
300 out->SetTaglist(kPDMD, kX59R, 0); 292 out->SetTaglist(kPDMD, kX59R, 0);
301 } else { 293 } else {
302 out->SetTaglist(kPDMD, kX509, 0); 294 out->SetTaglist(kPDMD, kX509, 0);
303 } 295 }
304 } 296 }
305 297
306 if (common_cert_sets) { 298 if (common_cert_sets) {
307 out->SetStringPiece(kCCS, common_cert_sets->GetCommonHashes()); 299 out->SetStringPiece(kCCS, common_cert_sets->GetCommonHashes());
308 } 300 }
309 301
(...skipping 404 matching lines...) Expand 10 before | Expand all | Expand 10 after
714 if (!canonical_state->proof_valid()) { 706 if (!canonical_state->proof_valid()) {
715 return; 707 return;
716 } 708 }
717 709
718 // Update canonical version to point at the "most recent" entry. 710 // Update canonical version to point at the "most recent" entry.
719 canonical_server_map_[suffix_server_key] = server_key; 711 canonical_server_map_[suffix_server_key] = server_key;
720 712
721 server_state->InitializeFrom(*canonical_state); 713 server_state->InitializeFrom(*canonical_state);
722 } 714 }
723 715
716 void QuicCryptoClientConfig::DisableEcdsa() {
wtc 2014/03/25 14:58:11 This should follow the definition of AddCanonicalS
Ryan Hamilton 2014/03/27 19:06:39 Done.
717 disable_ecdsa_ = true;
718 }
719
724 } // namespace net 720 } // namespace net
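Review bot: `SetDefaults()` now ends with `disable_ecdsa_ = false;` (new line 254), so a caller that invokes `DisableEcdsa()` before `SetDefaults()` has the flag silently cleared, and the client hello then sends `kX509` in `kPDMD` rather than `kX59R`. The constructor already initialises the member to false, so the assignment in `SetDefaults()` adds only that ordering hazard. I would drop it, or else document the contract on `DisableEcdsa()` with something like `// Must be called after SetDefaults(), which resets this flag.` The platform check no longer lives in this file, so the restriction is presumably opt-in for every embedder (the call sites are not visible here). A unit test that calls `DisableEcdsa()` and asserts the resulting `kPDMD` tag list would pin the behaviour.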