
Side by Side Diff: net/quic/core/crypto/quic_crypto_server_config.h

Issue 2227553003: Use the CHLO packet size, not message size when determining how large a REJ can be. Protected by --… (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@129101660
Patch Set: Created 4 years, 4 months ago
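--- a/net/quic/core/crypto/quic_crypto_server_config.h
+++ b/net/quic/core/crypto/quic_crypto_server_config.h
@@ -1,10 +1,10 @@
 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_QUIC_CRYPTO_QUIC_CRYPTO_SERVER_CONFIG_H_
 #define NET_QUIC_CRYPTO_QUIC_CRYPTO_SERVER_CONFIG_H_
 
 #include <stddef.h>
 #include <stdint.h>
 
@@ -272,41 +272,45 @@
 // supports.
 // clock: used to validate client nonces and ephemeral keys.
 // rand: an entropy source
 // compressed_certs_cache: the cache that caches a set of most recently used
 // certs. Owned by QuicDispatcher.
 // params: the state of the handshake. This may be updated with a server
 // nonce when we send a rejection. After a successful handshake, this will
 // contain the state of the connection.
 // crypto_proof: output structure containing the crypto proof used in reply to
 // a proof demand.
+// total_framing_overhead: the total per-packet overhead for a stream frame
+// chlo_packet_size: the size, in bytes, of the CHLO packet
 // out: the resulting handshake message (either REJ or SHLO)
 // out_diversification_nonce: If the resulting handshake message is SHLO and
 // the version is greater than QUIC_VERSION_32 then this contains a
 // 32-byte value that should be included in the public header of
 // initially encrypted packets.
 // error_details: used to store a std::string describing any error.
 QuicErrorCode ProcessClientHello(
 const ValidateClientHelloResultCallback::Result& validate_chlo_result,
 bool reject_only,
 QuicConnectionId connection_id,
 const IPAddress& server_ip,
 const IPEndPoint& client_address,
 QuicVersion version,
 const QuicVersionVector& supported_versions,
 bool use_stateless_rejects,
 QuicConnectionId server_designated_connection_id,
 const QuicClock* clock,
 QuicRandom* rand,
 QuicCompressedCertsCache* compressed_certs_cache,
 QuicCryptoNegotiatedParameters* params,
 QuicCryptoProof* crypto_proof,
+QuicByteCount total_framing_overhead,
+QuicByteCount chlo_packet_size,
 CryptoHandshakeMessage* out,
 DiversificationNonce* out_diversification_nonce,
 std::string* error_details) const;
 
 // BuildServerConfigUpdateMessage sets |out| to be a SCUP message containing
 // the current primary config, an up to date source-address token, and cert
 // chain and proof in the case of secure QUIC. Returns true if successfully
 // filled |out|.
 //
 // |cached_network_params| is optional, and can be nullptr.
@@ -543,20 +547,22 @@
 const Config& config,
 const CryptoHandshakeMessage& client_hello,
 const ClientHelloInfo& info,
 const CachedNetworkParameters& cached_network_params,
 bool use_stateless_rejects,
 QuicConnectionId server_designated_connection_id,
 QuicRandom* rand,
 QuicCompressedCertsCache* compressed_certs_cache,
 QuicCryptoNegotiatedParameters* params,
 const QuicCryptoProof& crypto_proof,
+QuicByteCount total_framing_overhead,
+QuicByteCount chlo_packet_size,
 CryptoHandshakeMessage* out) const;
 
 // CompressChain compresses the certificates in |chain->certs| and returns a
 // compressed representation. |common_sets| contains the common certificate
 // sets known locally and |client_common_set_hashes| contains the hashes of
 // the common sets known to the peer. |client_cached_cert_hashes| contains
 // 64-bit, FNV-1a hashes of certificates that the peer already possesses.
 static std::string CompressChain(
 QuicCompressedCertsCache* compressed_certs_cache,
 const scoped_refptr<ProofSource::Chain>& chain,
@@ -783,10 +789,10 @@
 std::string cert_sct;
 // The server config that is used for this proof (and the rest of the
 // request).
 scoped_refptr<QuicCryptoServerConfig::Config> config;
 std::string primary_scid;
 };
 
 } // namespace net
 
 #endif // NET_QUIC_CRYPTO_QUIC_CRYPTO_SERVER_CONFIG_H_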
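Review bot: The two parameter comments added at new lines 282-283 say what the values are but not why ProcessClientHello needs them; going by the issue title they bound how large a REJ may be relative to the client's CHLO, and that limit on response amplification deserves to be stated at the declaration, e.g. `// chlo_packet_size: the size, in bytes, of the CHLO packet as received; used to limit the size of the REJ sent in reply`. `total_framing_overhead` and `chlo_packet_size` are adjacent and share the type QuicByteCount, so a call site that swaps them compiles silently; a comment stating the expected relation between the two, or a debug check in the implementation, would catch that. If QuicByteCount is unsigned, as its use for sizes suggests, any subtraction of the overhead from a budget derived from the packet size needs a guard against wrap-around; the .cc file is not shown here, so this should be confirmed there. BuildRejection takes the same pair at new lines 557-558, and its declaration and comment begin outside the visible lines, so whether the new parameters are documented there cannot be judged from this page.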