
Side by Side Diff: net/quic/crypto/crypto_server_config.cc

Issue 22647002: Add support to QUIC for QUIC_VERSION_8: for RSA-PSS signatures, set (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Created 7 years, 4 months ago
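--- a/net/quic/crypto/crypto_server_config.cc
+++ b/net/quic/crypto/crypto_server_config.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/quic/crypto/crypto_server_config.h"
 
 #include <stdlib.h>
 #include <algorithm>
 
 #include "base/stl_util.h"
@@ -297,20 +297,21 @@
 bool valid_source_address_token;
 bool client_nonce_well_formed;
 bool unique;
 StringPiece sni;
 StringPiece client_nonce;
 StringPiece server_nonce;
 };
 
 QuicErrorCode QuicCryptoServerConfig::ProcessClientHello(
 const CryptoHandshakeMessage& client_hello,
+QuicVersion version,
 QuicGuid guid,
 const IPEndPoint& client_ip,
 const QuicClock* clock,
 QuicRandom* rand,
 QuicCryptoNegotiatedParameters *params,
 CryptoHandshakeMessage* out,
 string* error_details) const {
 DCHECK(error_details);
 
 StringPiece requested_scid;
@@ -351,21 +352,22 @@
 if (error != QUIC_NO_ERROR) {
 return error;
 }
 
 out->Clear();
 
 if (!info.valid_source_address_token ||
 !info.client_nonce_well_formed ||
 !info.unique ||
 !requested_config.get()) {
-BuildRejection(primary_config, client_hello, info, rand, out);
+BuildRejection(version, primary_config.get(), client_hello, info, rand,
+out);
 return QUIC_NO_ERROR;
 }
 
 const QuicTag* their_aeads;
 const QuicTag* their_key_exchanges;
 size_t num_their_aeads, num_their_key_exchanges;
 if (client_hello.GetTaglist(kAEAD, &their_aeads,
 &num_their_aeads) != QUIC_NO_ERROR ||
 client_hello.GetTaglist(kKEXS, &their_key_exchanges,
 &num_their_key_exchanges) != QUIC_NO_ERROR ||
@@ -655,20 +657,21 @@
 }
 
 info->unique = !replay_protection_ ||
 unique_by_strike_register ||
 unique_by_server_nonce;
 
 return QUIC_NO_ERROR;
 }
 
 void QuicCryptoServerConfig::BuildRejection(
+QuicVersion version,
 const scoped_refptr<Config>& config,
 const CryptoHandshakeMessage& client_hello,
 const ClientHelloInfo& info,
 QuicRandom* rand,
 CryptoHandshakeMessage* out) const {
 out->set_tag(kREJ);
 out->SetStringPiece(kSCFG, config->serialized);
 out->SetStringPiece(kSourceAddressTokenTag,
 NewSourceAddressToken(info.client_ip, rand, info.now));
 if (replay_protection_) {
@@ -698,22 +701,23 @@
 break;
 }
 }
 
 if (!x509_supported) {
 return;
 }
 
 const vector<string>* certs;
 string signature;
-if (!proof_source_->GetProof(info.sni.as_string(), config->serialized,
-x509_ecdsa_supported, &certs, &signature)) {
+if (!proof_source_->GetProof(version, info.sni.as_string(),
+config->serialized, x509_ecdsa_supported,
+&certs, &signature)) {
 return;
 }
 
 StringPiece their_common_set_hashes;
 StringPiece their_cached_cert_hashes;
 client_hello.GetStringPiece(kCCS, &their_common_set_hashes);
 client_hello.GetStringPiece(kCCRT, &their_cached_cert_hashes);
 
 const string compressed = CertCompressor::CompressChain(
 *certs, their_common_set_hashes, their_cached_cert_hashes,
@@ -1057,10 +1061,10 @@
 }
 
 QuicCryptoServerConfig::Config::Config()
 : channel_id_enabled(false),
 is_primary(false),
 primary_time(QuicWallTime::Zero()) {}
 
 QuicCryptoServerConfig::Config::~Config() { STLDeleteElements(&key_exchanges); }
 
 } // namespace net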
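Review bot: The rejection path at new line 362 now passes `primary_config.get()`, while the definition at new line 668 still declares `const scoped_refptr<Config>& config`, so the raw pointer is presumably wrapped in a temporary scoped_refptr at the call. Either keep passing `primary_config` as before, or change the parameter to `const Config* config` so the ownership contract is stated once. Separately, `version` is now forwarded to `proof_source_->GetProof`, and judging by the issue title it selects the signature format of the proof, yet neither signature documents it. A comment such as `// |version| is the QUIC version of this connection; it determines how the proof is signed.` on ProcessClientHello and BuildRejection would help, and it is worth confirming at the caller that the value is the version fixed for the connection rather than one read from the hello being processed. Both function bodies continue in lines this page skips, so the rest of each was not reviewed.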
