| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/quic/core/crypto/quic_crypto_client_config.h" | 5 #include "net/quic/core/crypto/quic_crypto_client_config.h" |
| 6 | 6 |
| 7 #include <memory> | 7 #include <memory> |
| 8 | 8 |
| 9 #include "base/metrics/histogram_macros.h" | 9 #include "base/metrics/histogram_macros.h" |
| 10 #include "base/stl_util.h" | 10 #include "base/stl_util.h" |
| (...skipping 48 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 59 : proof_verifier_(std::move(proof_verifier)) { | 59 : proof_verifier_(std::move(proof_verifier)) { |
| 60 DCHECK(proof_verifier_.get()); | 60 DCHECK(proof_verifier_.get()); |
| 61 SetDefaults(); | 61 SetDefaults(); |
| 62 } | 62 } |
| 63 | 63 |
| 64 QuicCryptoClientConfig::~QuicCryptoClientConfig() { | 64 QuicCryptoClientConfig::~QuicCryptoClientConfig() { |
| 65 base::STLDeleteValues(&cached_states_); | 65 base::STLDeleteValues(&cached_states_); |
| 66 } | 66 } |
| 67 | 67 |
| 68 QuicCryptoClientConfig::CachedState::CachedState() | 68 QuicCryptoClientConfig::CachedState::CachedState() |
| 69 : server_config_valid_(false), generation_counter_(0) {} | 69 : server_config_valid_(false), |
| 70 expiration_time_(QuicWallTime::Zero()), |
| 71 generation_counter_(0) {} |
| 70 | 72 |
| 71 QuicCryptoClientConfig::CachedState::~CachedState() {} | 73 QuicCryptoClientConfig::CachedState::~CachedState() {} |
| 72 | 74 |
| 73 bool QuicCryptoClientConfig::CachedState::IsComplete(QuicWallTime now) const { | 75 bool QuicCryptoClientConfig::CachedState::IsComplete(QuicWallTime now) const { |
| 74 if (server_config_.empty()) { | 76 if (server_config_.empty()) { |
| 75 RecordInchoateClientHelloReason(SERVER_CONFIG_EMPTY); | 77 RecordInchoateClientHelloReason(SERVER_CONFIG_EMPTY); |
| 76 return false; | 78 return false; |
| 77 } | 79 } |
| 78 | 80 |
| 79 if (!server_config_valid_) { | 81 if (!server_config_valid_) { |
| 80 RecordInchoateClientHelloReason(SERVER_CONFIG_INVALID); | 82 RecordInchoateClientHelloReason(SERVER_CONFIG_INVALID); |
| 81 return false; | 83 return false; |
| 82 } | 84 } |
| 83 | 85 |
| 84 const CryptoHandshakeMessage* scfg = GetServerConfig(); | 86 const CryptoHandshakeMessage* scfg = GetServerConfig(); |
| 85 if (!scfg) { | 87 if (!scfg) { |
| 86 // Should be impossible short of cache corruption. | 88 // Should be impossible short of cache corruption. |
| 87 DCHECK(false); | 89 DCHECK(false); |
| 88 RecordInchoateClientHelloReason(SERVER_CONFIG_CORRUPTED); | 90 RecordInchoateClientHelloReason(SERVER_CONFIG_CORRUPTED); |
| 89 return false; | 91 return false; |
| 90 } | 92 } |
| 91 | 93 |
| 92 uint64_t expiry_seconds; | 94 if (now.IsAfter(expiration_time_)) { |
| 93 if (scfg->GetUint64(kEXPY, &expiry_seconds) != QUIC_NO_ERROR) { | |
| 94 RecordInchoateClientHelloReason(SERVER_CONFIG_INVALID_EXPIRY); | |
| 95 return false; | |
| 96 } | |
| 97 if (now.ToUNIXSeconds() >= expiry_seconds) { | |
| 98 UMA_HISTOGRAM_CUSTOM_TIMES( | 95 UMA_HISTOGRAM_CUSTOM_TIMES( |
| 99 "Net.QuicClientHelloServerConfig.InvalidDuration", | 96 "Net.QuicClientHelloServerConfig.InvalidDuration", |
| 100 base::TimeDelta::FromSeconds(now.ToUNIXSeconds() - expiry_seconds), | 97 base::TimeDelta::FromSeconds(now.ToUNIXSeconds() - |
| 98 expiration_time_.ToUNIXSeconds()), |
| 101 base::TimeDelta::FromMinutes(1), base::TimeDelta::FromDays(20), 50); | 99 base::TimeDelta::FromMinutes(1), base::TimeDelta::FromDays(20), 50); |
| 102 RecordInchoateClientHelloReason(SERVER_CONFIG_EXPIRED); | 100 RecordInchoateClientHelloReason(SERVER_CONFIG_EXPIRED); |
| 103 return false; | 101 return false; |
| 104 } | 102 } |
| 105 | 103 |
| 106 return true; | 104 return true; |
| 107 } | 105 } |
| 108 | 106 |
| 109 bool QuicCryptoClientConfig::CachedState::IsEmpty() const { | 107 bool QuicCryptoClientConfig::CachedState::IsEmpty() const { |
| 110 return server_config_.empty(); | 108 return server_config_.empty(); |
| (...skipping 27 matching lines...) Expand all Loading... |
| 138 server_nonces_.push(server_nonce); | 136 server_nonces_.push(server_nonce); |
| 139 } | 137 } |
| 140 | 138 |
| 141 bool QuicCryptoClientConfig::CachedState::has_server_nonce() const { | 139 bool QuicCryptoClientConfig::CachedState::has_server_nonce() const { |
| 142 return !server_nonces_.empty(); | 140 return !server_nonces_.empty(); |
| 143 } | 141 } |
| 144 | 142 |
| 145 QuicCryptoClientConfig::CachedState::ServerConfigState | 143 QuicCryptoClientConfig::CachedState::ServerConfigState |
| 146 QuicCryptoClientConfig::CachedState::SetServerConfig(StringPiece server_config, | 144 QuicCryptoClientConfig::CachedState::SetServerConfig(StringPiece server_config, |
| 147 QuicWallTime now, | 145 QuicWallTime now, |
| 146 QuicWallTime expiry_time, |
| 148 string* error_details) { | 147 string* error_details) { |
| 149 const bool matches_existing = server_config == server_config_; | 148 const bool matches_existing = server_config == server_config_; |
| 150 | 149 |
| 151 // Even if the new server config matches the existing one, we still wish to | 150 // Even if the new server config matches the existing one, we still wish to |
| 152 // reject it if it has expired. | 151 // reject it if it has expired. |
| 153 std::unique_ptr<CryptoHandshakeMessage> new_scfg_storage; | 152 std::unique_ptr<CryptoHandshakeMessage> new_scfg_storage; |
| 154 const CryptoHandshakeMessage* new_scfg; | 153 const CryptoHandshakeMessage* new_scfg; |
| 155 | 154 |
| 156 if (!matches_existing) { | 155 if (!matches_existing) { |
| 157 new_scfg_storage.reset(CryptoFramer::ParseMessage(server_config)); | 156 new_scfg_storage.reset(CryptoFramer::ParseMessage(server_config)); |
| 158 new_scfg = new_scfg_storage.get(); | 157 new_scfg = new_scfg_storage.get(); |
| 159 } else { | 158 } else { |
| 160 new_scfg = GetServerConfig(); | 159 new_scfg = GetServerConfig(); |
| 161 } | 160 } |
| 162 | 161 |
| 163 if (!new_scfg) { | 162 if (!new_scfg) { |
| 164 *error_details = "SCFG invalid"; | 163 *error_details = "SCFG invalid"; |
| 165 return SERVER_CONFIG_INVALID; | 164 return SERVER_CONFIG_INVALID; |
| 166 } | 165 } |
| 167 | 166 |
| 168 uint64_t expiry_seconds; | 167 if (expiry_time.IsZero()) { |
| 169 if (new_scfg->GetUint64(kEXPY, &expiry_seconds) != QUIC_NO_ERROR) { | 168 uint64_t expiry_seconds; |
| 170 *error_details = "SCFG missing EXPY"; | 169 if (new_scfg->GetUint64(kEXPY, &expiry_seconds) != QUIC_NO_ERROR) { |
| 171 return SERVER_CONFIG_INVALID_EXPIRY; | 170 *error_details = "SCFG missing EXPY"; |
| 171 return SERVER_CONFIG_INVALID_EXPIRY; |
| 172 } |
| 173 expiration_time_ = QuicWallTime::FromUNIXSeconds(expiry_seconds); |
| 174 } else { |
| 175 expiration_time_ = expiry_time; |
| 172 } | 176 } |
| 173 | 177 |
| 174 if (now.ToUNIXSeconds() >= expiry_seconds) { | 178 if (now.IsAfter(expiration_time_)) { |
| 175 *error_details = "SCFG has expired"; | 179 *error_details = "SCFG has expired"; |
| 176 return SERVER_CONFIG_EXPIRED; | 180 return SERVER_CONFIG_EXPIRED; |
| 177 } | 181 } |
| 178 | 182 |
| 179 if (!matches_existing) { | 183 if (!matches_existing) { |
| 180 server_config_ = server_config.as_string(); | 184 server_config_ = server_config.as_string(); |
| 181 SetProofInvalid(); | 185 SetProofInvalid(); |
| 182 scfg_.reset(new_scfg_storage.release()); | 186 scfg_.reset(new_scfg_storage.release()); |
| 183 } | 187 } |
| 184 return SERVER_CONFIG_VALID; | 188 return SERVER_CONFIG_VALID; |
| (...skipping 67 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 252 ++generation_counter_; | 256 ++generation_counter_; |
| 253 } | 257 } |
| 254 | 258 |
| 255 bool QuicCryptoClientConfig::CachedState::Initialize( | 259 bool QuicCryptoClientConfig::CachedState::Initialize( |
| 256 StringPiece server_config, | 260 StringPiece server_config, |
| 257 StringPiece source_address_token, | 261 StringPiece source_address_token, |
| 258 const vector<string>& certs, | 262 const vector<string>& certs, |
| 259 StringPiece cert_sct, | 263 StringPiece cert_sct, |
| 260 StringPiece chlo_hash, | 264 StringPiece chlo_hash, |
| 261 StringPiece signature, | 265 StringPiece signature, |
| 262 QuicWallTime now) { | 266 QuicWallTime now, |
| 267 QuicWallTime expiration_time) { |
| 263 DCHECK(server_config_.empty()); | 268 DCHECK(server_config_.empty()); |
| 264 | 269 |
| 265 if (server_config.empty()) { | 270 if (server_config.empty()) { |
| 266 RecordDiskCacheServerConfigState(SERVER_CONFIG_EMPTY); | 271 RecordDiskCacheServerConfigState(SERVER_CONFIG_EMPTY); |
| 267 return false; | 272 return false; |
| 268 } | 273 } |
| 269 | 274 |
| 270 string error_details; | 275 string error_details; |
| 271 ServerConfigState state = SetServerConfig(server_config, now, &error_details); | 276 ServerConfigState state = |
| 277 SetServerConfig(server_config, now, expiration_time, &error_details); |
| 272 RecordDiskCacheServerConfigState(state); | 278 RecordDiskCacheServerConfigState(state); |
| 273 if (state != SERVER_CONFIG_VALID) { | 279 if (state != SERVER_CONFIG_VALID) { |
| 274 DVLOG(1) << "SetServerConfig failed with " << error_details; | 280 DVLOG(1) << "SetServerConfig failed with " << error_details; |
| 275 return false; | 281 return false; |
| 276 } | 282 } |
| 277 | 283 |
| 278 signature.CopyToString(&server_config_sig_); | 284 signature.CopyToString(&server_config_sig_); |
| 279 source_address_token.CopyToString(&source_address_token_); | 285 source_address_token.CopyToString(&source_address_token_); |
| 280 cert_sct.CopyToString(&cert_sct_); | 286 cert_sct.CopyToString(&cert_sct_); |
| 281 chlo_hash.CopyToString(&chlo_hash_); | 287 chlo_hash.CopyToString(&chlo_hash_); |
| (...skipping 58 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 340 DCHECK(server_config_.empty()); | 346 DCHECK(server_config_.empty()); |
| 341 DCHECK(!server_config_valid_); | 347 DCHECK(!server_config_valid_); |
| 342 server_config_ = other.server_config_; | 348 server_config_ = other.server_config_; |
| 343 source_address_token_ = other.source_address_token_; | 349 source_address_token_ = other.source_address_token_; |
| 344 certs_ = other.certs_; | 350 certs_ = other.certs_; |
| 345 cert_sct_ = other.cert_sct_; | 351 cert_sct_ = other.cert_sct_; |
| 346 chlo_hash_ = other.chlo_hash_; | 352 chlo_hash_ = other.chlo_hash_; |
| 347 server_config_sig_ = other.server_config_sig_; | 353 server_config_sig_ = other.server_config_sig_; |
| 348 server_config_valid_ = other.server_config_valid_; | 354 server_config_valid_ = other.server_config_valid_; |
| 349 server_designated_connection_ids_ = other.server_designated_connection_ids_; | 355 server_designated_connection_ids_ = other.server_designated_connection_ids_; |
| 356 expiration_time_ = other.expiration_time_; |
| 350 if (other.proof_verify_details_.get() != nullptr) { | 357 if (other.proof_verify_details_.get() != nullptr) { |
| 351 proof_verify_details_.reset(other.proof_verify_details_->Clone()); | 358 proof_verify_details_.reset(other.proof_verify_details_->Clone()); |
| 352 } | 359 } |
| 353 ++generation_counter_; | 360 ++generation_counter_; |
| 354 } | 361 } |
| 355 | 362 |
| 356 QuicConnectionId | 363 QuicConnectionId |
| 357 QuicCryptoClientConfig::CachedState::GetNextServerDesignatedConnectionId() { | 364 QuicCryptoClientConfig::CachedState::GetNextServerDesignatedConnectionId() { |
| 358 if (server_designated_connection_ids_.empty()) { | 365 if (server_designated_connection_ids_.empty()) { |
| 359 QUIC_BUG | 366 QUIC_BUG |
| (...skipping 363 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 723 CachedState* cached, | 730 CachedState* cached, |
| 724 string* error_details) { | 731 string* error_details) { |
| 725 DCHECK(error_details != nullptr); | 732 DCHECK(error_details != nullptr); |
| 726 | 733 |
| 727 StringPiece scfg; | 734 StringPiece scfg; |
| 728 if (!message.GetStringPiece(kSCFG, &scfg)) { | 735 if (!message.GetStringPiece(kSCFG, &scfg)) { |
| 729 *error_details = "Missing SCFG"; | 736 *error_details = "Missing SCFG"; |
| 730 return QUIC_CRYPTO_MESSAGE_PARAMETER_NOT_FOUND; | 737 return QUIC_CRYPTO_MESSAGE_PARAMETER_NOT_FOUND; |
| 731 } | 738 } |
| 732 | 739 |
| 740 QuicWallTime expiration_time = QuicWallTime::Zero(); |
| 741 uint64_t expiry_seconds; |
| 742 if (message.GetUint64(kSTTL, &expiry_seconds) == QUIC_NO_ERROR) { |
| 743 expiration_time = now.Add(QuicTime::Delta::FromSeconds(expiry_seconds)); |
| 744 } |
| 745 |
| 733 CachedState::ServerConfigState state = | 746 CachedState::ServerConfigState state = |
| 734 cached->SetServerConfig(scfg, now, error_details); | 747 cached->SetServerConfig(scfg, now, expiration_time, error_details); |
| 735 if (state == CachedState::SERVER_CONFIG_EXPIRED) { | 748 if (state == CachedState::SERVER_CONFIG_EXPIRED) { |
| 736 return QUIC_CRYPTO_SERVER_CONFIG_EXPIRED; | 749 return QUIC_CRYPTO_SERVER_CONFIG_EXPIRED; |
| 737 } | 750 } |
| 738 // TODO(rtenneti): Return more specific error code than returning | 751 // TODO(rtenneti): Return more specific error code than returning |
| 739 // QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER. | 752 // QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER. |
| 740 if (state != CachedState::SERVER_CONFIG_VALID) { | 753 if (state != CachedState::SERVER_CONFIG_VALID) { |
| 741 return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER; | 754 return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER; |
| 742 } | 755 } |
| 743 | 756 |
| 744 StringPiece token; | 757 StringPiece token; |
| (...skipping 234 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 979 } | 992 } |
| 980 | 993 |
| 981 // Update canonical version to point at the "most recent" entry. | 994 // Update canonical version to point at the "most recent" entry. |
| 982 canonical_server_map_[suffix_server_id] = server_id; | 995 canonical_server_map_[suffix_server_id] = server_id; |
| 983 | 996 |
| 984 server_state->InitializeFrom(*canonical_state); | 997 server_state->InitializeFrom(*canonical_state); |
| 985 return true; | 998 return true; |
| 986 } | 999 } |
| 987 | 1000 |
| 988 } // namespace net | 1001 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2308043003:
Landing Recent QUIC changes until 5:55 PM, Aug 25, 2016 UTC-4 (Closed)
