| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/quic/crypto/quic_crypto_client_config.h" | 5 #include "net/quic/crypto/quic_crypto_client_config.h" |
| 6 | 6 |
| 7 #include "base/stl_util.h" | 7 #include "base/stl_util.h" |
| 8 #include "base/strings/string_util.h" | 8 #include "base/strings/string_util.h" |
| 9 #include "net/quic/crypto/cert_compressor.h" | 9 #include "net/quic/crypto/cert_compressor.h" |
| 10 #include "net/quic/crypto/chacha20_poly1305_encrypter.h" | 10 #include "net/quic/crypto/chacha20_poly1305_encrypter.h" |
| 11 #include "net/quic/crypto/channel_id.h" | 11 #include "net/quic/crypto/channel_id.h" |
| 12 #include "net/quic/crypto/common_cert_set.h" | 12 #include "net/quic/crypto/common_cert_set.h" |
| 13 #include "net/quic/crypto/crypto_framer.h" | 13 #include "net/quic/crypto/crypto_framer.h" |
| 14 #include "net/quic/crypto/crypto_utils.h" | 14 #include "net/quic/crypto/crypto_utils.h" |
| 15 #include "net/quic/crypto/curve25519_key_exchange.h" | 15 #include "net/quic/crypto/curve25519_key_exchange.h" |
| 16 #include "net/quic/crypto/key_exchange.h" | 16 #include "net/quic/crypto/key_exchange.h" |
| 17 #include "net/quic/crypto/p256_key_exchange.h" | 17 #include "net/quic/crypto/p256_key_exchange.h" |
| 18 #include "net/quic/crypto/proof_verifier.h" | 18 #include "net/quic/crypto/proof_verifier.h" |
| 19 #include "net/quic/crypto/quic_encrypter.h" | 19 #include "net/quic/crypto/quic_encrypter.h" |
| 20 #include "net/quic/quic_session_key.h" | 20 #include "net/quic/quic_session_key.h" |
| 21 #include "net/quic/quic_utils.h" | 21 #include "net/quic/quic_utils.h" |
| 22 | 22 |
| 23 #if defined(OS_WIN) | |
| 24 #include "base/win/windows_version.h" | |
| 25 #endif | |
| 26 | |
| 27 using base::StringPiece; | 23 using base::StringPiece; |
| 28 using std::find; | 24 using std::find; |
| 29 using std::make_pair; | 25 using std::make_pair; |
| 30 using std::map; | 26 using std::map; |
| 31 using std::string; | 27 using std::string; |
| 32 using std::vector; | 28 using std::vector; |
| 33 | 29 |
| 34 namespace net { | 30 namespace net { |
| 35 | 31 |
| 36 QuicCryptoClientConfig::QuicCryptoClientConfig() {} | 32 QuicCryptoClientConfig::QuicCryptoClientConfig() |
| 33 : disable_ecdsa_(false) {} |
| 37 | 34 |
| 38 QuicCryptoClientConfig::~QuicCryptoClientConfig() { | 35 QuicCryptoClientConfig::~QuicCryptoClientConfig() { |
| 39 STLDeleteValues(&cached_states_); | 36 STLDeleteValues(&cached_states_); |
| 40 } | 37 } |
| 41 | 38 |
| 42 QuicCryptoClientConfig::CachedState::CachedState() | 39 QuicCryptoClientConfig::CachedState::CachedState() |
| 43 : server_config_valid_(false), | 40 : server_config_valid_(false), |
| 44 generation_counter_(0) {} | 41 generation_counter_(0) {} |
| 45 | 42 |
| 46 QuicCryptoClientConfig::CachedState::~CachedState() {} | 43 QuicCryptoClientConfig::CachedState::~CachedState() {} |
| 251 kexs.resize(2); | 248 kexs.resize(2); |
| 252 kexs[0] = kC255; | 249 kexs[0] = kC255; |
| 253 kexs[1] = kP256; | 250 kexs[1] = kP256; |
| 254 | 251 |
| 255 // Authenticated encryption algorithms. Prefer ChaCha20 by default. | 252 // Authenticated encryption algorithms. Prefer ChaCha20 by default. |
| 256 aead.clear(); | 253 aead.clear(); |
| 257 if (ChaCha20Poly1305Encrypter::IsSupported()) { | 254 if (ChaCha20Poly1305Encrypter::IsSupported()) { |
| 258 aead.push_back(kCC12); | 255 aead.push_back(kCC12); |
| 259 } | 256 } |
| 260 aead.push_back(kAESG); | 257 aead.push_back(kAESG); |
| 258 |
| 259 disable_ecdsa_ = false; |
| 261 } | 260 } |
| 262 | 261 |
| 263 QuicCryptoClientConfig::CachedState* QuicCryptoClientConfig::LookupOrCreate( | 262 QuicCryptoClientConfig::CachedState* QuicCryptoClientConfig::LookupOrCreate( |
| 264 const QuicSessionKey& server_key) { | 263 const QuicSessionKey& server_key) { |
| 265 CachedStateMap::const_iterator it = cached_states_.find(server_key); | 264 CachedStateMap::const_iterator it = cached_states_.find(server_key); |
| 266 if (it != cached_states_.end()) { | 265 if (it != cached_states_.end()) { |
| 267 return it->second; | 266 return it->second; |
| 268 } | 267 } |
| 269 | 268 |
| 270 CachedState* cached = new CachedState; | 269 CachedState* cached = new CachedState; |
| 287 if (CryptoUtils::IsValidSNI(server_key.host())) { | 286 if (CryptoUtils::IsValidSNI(server_key.host())) { |
| 288 out->SetStringPiece(kSNI, server_key.host()); | 287 out->SetStringPiece(kSNI, server_key.host()); |
| 289 } | 288 } |
| 290 out->SetValue(kVER, QuicVersionToQuicTag(preferred_version)); | 289 out->SetValue(kVER, QuicVersionToQuicTag(preferred_version)); |
| 291 | 290 |
| 292 if (!cached->source_address_token().empty()) { | 291 if (!cached->source_address_token().empty()) { |
| 293 out->SetStringPiece(kSourceAddressTokenTag, cached->source_address_token()); | 292 out->SetStringPiece(kSourceAddressTokenTag, cached->source_address_token()); |
| 294 } | 293 } |
| 295 | 294 |
| 296 if (server_key.is_https()) { | 295 if (server_key.is_https()) { |
| 297 // Don't request ECDSA proofs on platforms that do not support ECDSA | 296 if (disable_ecdsa_) { |
| 298 // certificates. | |
| 299 bool disableECDSA = false; | |
| 300 #if defined(OS_WIN) | |
| 301 if (base::win::GetVersion() < base::win::VERSION_VISTA) | |
| 302 disableECDSA = true; | |
| 303 #endif | |
| 304 if (disableECDSA) { | |
| 305 out->SetTaglist(kPDMD, kX59R, 0); | 297 out->SetTaglist(kPDMD, kX59R, 0); |
| 306 } else { | 298 } else { |
| 307 out->SetTaglist(kPDMD, kX509, 0); | 299 out->SetTaglist(kPDMD, kX509, 0); |
| 308 } | 300 } |
| 309 } | 301 } |
| 310 | 302 |
| 311 if (common_cert_sets) { | 303 if (common_cert_sets) { |
| 312 out->SetStringPiece(kCCS, common_cert_sets->GetCommonHashes()); | 304 out->SetStringPiece(kCCS, common_cert_sets->GetCommonHashes()); |
| 313 } | 305 } |
| 314 | 306 |
| 700 if (aead.size() <= 1) { | 692 if (aead.size() <= 1) { |
| 701 return; | 693 return; |
| 702 } | 694 } |
| 703 QuicTagVector::iterator pos = find(aead.begin(), aead.end(), kAESG); | 695 QuicTagVector::iterator pos = find(aead.begin(), aead.end(), kAESG); |
| 704 if (pos != aead.end()) { | 696 if (pos != aead.end()) { |
| 705 aead.erase(pos); | 697 aead.erase(pos); |
| 706 aead.insert(aead.begin(), kAESG); | 698 aead.insert(aead.begin(), kAESG); |
| 707 } | 699 } |
| 708 } | 700 } |
| 709 | 701 |
| 702 void QuicCryptoClientConfig::DisableEcdsa() { |
| 703 disable_ecdsa_ = true; |
| 704 } |
| 705 |
| 710 void QuicCryptoClientConfig::PopulateFromCanonicalConfig( | 706 void QuicCryptoClientConfig::PopulateFromCanonicalConfig( |
| 711 const QuicSessionKey& server_key, | 707 const QuicSessionKey& server_key, |
| 712 CachedState* server_state) { | 708 CachedState* server_state) { |
| 713 DCHECK(server_state->IsEmpty()); | 709 DCHECK(server_state->IsEmpty()); |
| 714 unsigned i = 0; | 710 unsigned i = 0; |
| 715 for (; i < canoncial_suffixes_.size(); ++i) { | 711 for (; i < canoncial_suffixes_.size(); ++i) { |
| 716 if (EndsWith(server_key.host(), canoncial_suffixes_[i], false)) { | 712 if (EndsWith(server_key.host(), canoncial_suffixes_[i], false)) { |
| 717 break; | 713 break; |
| 718 } | 714 } |
| 719 } | 715 } |
| 737 return; | 733 return; |
| 738 } | 734 } |
| 739 | 735 |
| 740 // Update canonical version to point at the "most recent" entry. | 736 // Update canonical version to point at the "most recent" entry. |
| 741 canonical_server_map_[suffix_server_key] = server_key; | 737 canonical_server_map_[suffix_server_key] = server_key; |
| 742 | 738 |
| 743 server_state->InitializeFrom(*canonical_state); | 739 server_state->InitializeFrom(*canonical_state); |
| 744 } | 740 } |
| 745 | 741 |
| 746 } // namespace net | 742 } // namespace net |
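Review bot: `SetDefaults()` now resets `disable_ecdsa_ = false` (new line 259), so a `DisableEcdsa()` call that happens before `SetDefaults()` is silently undone and the inchoate CHLO at new line 299 reverts to demanding `kX509`, which presumably defeats the purpose of the flag on the platforms it was introduced for. The member is already initialised to false in the constructor (new line 33), so the reset in `SetDefaults()` looks redundant; either drop that line, or document the ordering on the new method with a comment such as `// Must be called after SetDefaults(), which resets this flag.` Whether any caller invokes them in that order is not visible in this change. Separately, the explanatory comment was dropped together with the `#if defined(OS_WIN)` block at new line 296; a one-liner such as `// Demand a kX59R proof instead of kX509 when ECDSA has been disabled for this platform; see DisableEcdsa().` would keep the intent readable. `FillInchoateClientHello`'s signature and tail lie outside the hunk.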