Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(440)

Unified Diff: net/quic/crypto/crypto_handshake.h

Issue 2193073003: Move shared files in net/quic/ into net/quic/core/ (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: io_thread_unittest.cc Created 4 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « net/quic/crypto/crypto_framer_test.cc ('k') | net/quic/crypto/crypto_handshake.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/quic/crypto/crypto_handshake.h
diff --git a/net/quic/crypto/crypto_handshake.h b/net/quic/crypto/crypto_handshake.h
deleted file mode 100644
index dd958c2e12a41922293219c506b4992fdbf29aff..0000000000000000000000000000000000000000
--- a/net/quic/crypto/crypto_handshake.h
+++ /dev/null
@@ -1,192 +0,0 @@
-// Copyright (c) 2013 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef NET_QUIC_CRYPTO_CRYPTO_HANDSHAKE_H_
-#define NET_QUIC_CRYPTO_CRYPTO_HANDSHAKE_H_
-
-#include <stdint.h>
-
-#include <memory>
-#include <string>
-#include <vector>
-
-#include "base/macros.h"
-#include "net/base/net_export.h"
-#include "net/quic/quic_protocol.h"
-
-namespace net {
-
-class CommonCertSets;
-class KeyExchange;
-class QuicDecrypter;
-class QuicEncrypter;
-
-// HandshakeFailureReason enum values are uploaded to UMA, they cannot be
-// changed.
-enum HandshakeFailureReason {
- HANDSHAKE_OK = 0,
-
- // Failure reasons for an invalid client nonce in CHLO.
- //
- // The default error value for nonce verification failures from strike
- // register (covers old strike registers and unknown failures).
- CLIENT_NONCE_UNKNOWN_FAILURE = 1,
- // Client nonce had incorrect length.
- CLIENT_NONCE_INVALID_FAILURE = 2,
- // Client nonce is not unique.
- CLIENT_NONCE_NOT_UNIQUE_FAILURE = 3,
- // Client orbit is invalid or incorrect.
- CLIENT_NONCE_INVALID_ORBIT_FAILURE = 4,
- // Client nonce's timestamp is not in the strike register's valid time range.
- CLIENT_NONCE_INVALID_TIME_FAILURE = 5,
- // Strike register's RPC call timed out, client nonce couldn't be verified.
- CLIENT_NONCE_STRIKE_REGISTER_TIMEOUT = 6,
- // Strike register is down, client nonce couldn't be verified.
- CLIENT_NONCE_STRIKE_REGISTER_FAILURE = 7,
-
- // Failure reasons for an invalid server nonce in CHLO.
- //
- // Unbox of server nonce failed.
- SERVER_NONCE_DECRYPTION_FAILURE = 8,
- // Decrypted server nonce had incorrect length.
- SERVER_NONCE_INVALID_FAILURE = 9,
- // Server nonce is not unique.
- SERVER_NONCE_NOT_UNIQUE_FAILURE = 10,
- // Server nonce's timestamp is not in the strike register's valid time range.
- SERVER_NONCE_INVALID_TIME_FAILURE = 11,
- // The server requires handshake confirmation.
- SERVER_NONCE_REQUIRED_FAILURE = 20,
-
- // Failure reasons for an invalid server config in CHLO.
- //
- // Missing Server config id (kSCID) tag.
- SERVER_CONFIG_INCHOATE_HELLO_FAILURE = 12,
- // Couldn't find the Server config id (kSCID).
- SERVER_CONFIG_UNKNOWN_CONFIG_FAILURE = 13,
-
- // Failure reasons for an invalid source-address token.
- //
- // Missing Source-address token (kSourceAddressTokenTag) tag.
- SOURCE_ADDRESS_TOKEN_INVALID_FAILURE = 14,
- // Unbox of Source-address token failed.
- SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE = 15,
- // Couldn't parse the unbox'ed Source-address token.
- SOURCE_ADDRESS_TOKEN_PARSE_FAILURE = 16,
- // Source-address token is for a different IP address.
- SOURCE_ADDRESS_TOKEN_DIFFERENT_IP_ADDRESS_FAILURE = 17,
- // The source-address token has a timestamp in the future.
- SOURCE_ADDRESS_TOKEN_CLOCK_SKEW_FAILURE = 18,
- // The source-address token has expired.
- SOURCE_ADDRESS_TOKEN_EXPIRED_FAILURE = 19,
-
- // The expected leaf certificate hash could not be validated.
- INVALID_EXPECTED_LEAF_CERTIFICATE = 21,
-
- MAX_FAILURE_REASON = 22,
-};
-
-// These errors will be packed into an uint32_t and we don't want to set the
-// most significant bit, which may be misinterpreted as the sign bit.
-static_assert(MAX_FAILURE_REASON <= 32, "failure reason out of sync");
-
-// A CrypterPair contains the encrypter and decrypter for an encryption level.
-struct NET_EXPORT_PRIVATE CrypterPair {
- CrypterPair();
- ~CrypterPair();
- std::unique_ptr<QuicEncrypter> encrypter;
- std::unique_ptr<QuicDecrypter> decrypter;
-};
-
-// Parameters negotiated by the crypto handshake.
-struct NET_EXPORT_PRIVATE QuicCryptoNegotiatedParameters {
- // Initializes the members to 0 or empty values.
- QuicCryptoNegotiatedParameters();
- ~QuicCryptoNegotiatedParameters();
-
- QuicTag key_exchange;
- QuicTag aead;
- std::string initial_premaster_secret;
- std::string forward_secure_premaster_secret;
- // initial_subkey_secret is used as the PRK input to the HKDF used when
- // performing key extraction that needs to happen before forward-secure keys
- // are available.
- std::string initial_subkey_secret;
- // subkey_secret is used as the PRK input to the HKDF used for key extraction.
- std::string subkey_secret;
- CrypterPair initial_crypters;
- CrypterPair forward_secure_crypters;
- // Normalized SNI: converted to lower case and trailing '.' removed.
- std::string sni;
- std::string client_nonce;
- std::string server_nonce;
- // hkdf_input_suffix contains the HKDF input following the label: the
- // ConnectionId, client hello and server config. This is only populated in the
- // client because only the client needs to derive the forward secure keys at a
- // later time from the initial keys.
- std::string hkdf_input_suffix;
- // cached_certs contains the cached certificates that a client used when
- // sending a client hello.
- std::vector<std::string> cached_certs;
- // client_key_exchange is used by clients to store the ephemeral KeyExchange
- // for the connection.
- std::unique_ptr<KeyExchange> client_key_exchange;
- // channel_id is set by servers to a ChannelID key when the client correctly
- // proves possession of the corresponding private key. It consists of 32
- // bytes of x coordinate, followed by 32 bytes of y coordinate. Both values
- // are big-endian and the pair is a P-256 public key.
- std::string channel_id;
- QuicTag token_binding_key_param;
-
- // Used when generating proof signature when sending server config updates.
- bool x509_ecdsa_supported;
- bool x509_supported;
-
- // Used to generate cert chain when sending server config updates.
- std::string client_common_set_hashes;
- std::string client_cached_cert_hashes;
-
- // Default to false; set to true if the client indicates that it supports sct
- // by sending CSCT tag with an empty value in client hello.
- bool sct_supported_by_client;
-};
-
-// QuicCryptoConfig contains common configuration between clients and servers.
-class NET_EXPORT_PRIVATE QuicCryptoConfig {
- public:
- // kInitialLabel is a constant that is used when deriving the initial
- // (non-forward secure) keys for the connection in order to tie the resulting
- // key to this protocol.
- static const char kInitialLabel[];
-
- // kCETVLabel is a constant that is used when deriving the keys for the
- // encrypted tag/value block in the client hello.
- static const char kCETVLabel[];
-
- // kForwardSecureLabel is a constant that is used when deriving the forward
- // secure keys for the connection in order to tie the resulting key to this
- // protocol.
- static const char kForwardSecureLabel[];
-
- QuicCryptoConfig();
- ~QuicCryptoConfig();
-
- // Key exchange methods. The following two members' values correspond by
- // index.
- QuicTagVector kexs;
- // Authenticated encryption with associated data (AEAD) algorithms.
- QuicTagVector aead;
-
- // Supported Token Binding key parameters that can be negotiated in the client
- // hello.
- QuicTagVector tb_key_params;
-
- const CommonCertSets* common_cert_sets;
-
- private:
- DISALLOW_COPY_AND_ASSIGN(QuicCryptoConfig);
-};
-
-} // namespace net
-
-#endif // NET_QUIC_CRYPTO_CRYPTO_HANDSHAKE_H_
« no previous file with comments | « net/quic/crypto/crypto_framer_test.cc ('k') | net/quic/crypto/crypto_handshake.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698