| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/quic/core/crypto/quic_crypto_server_config.h" | 5 #include "net/quic/core/crypto/quic_crypto_server_config.h" |
| 6 | 6 |
| 7 #include <stdlib.h> | 7 #include <stdlib.h> |
| 8 | 8 |
| 9 #include <algorithm> | 9 #include <algorithm> |
| 10 #include <memory> | 10 #include <memory> |
| (...skipping 63 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 74 if (ip.IsIPv4()) { | 74 if (ip.IsIPv4()) { |
| 75 return ConvertIPv4ToIPv4MappedIPv6(ip); | 75 return ConvertIPv4ToIPv4MappedIPv6(ip); |
| 76 } | 76 } |
| 77 return ip; | 77 return ip; |
| 78 } | 78 } |
| 79 | 79 |
| 80 } // namespace | 80 } // namespace |
| 81 | 81 |
| 82 class ValidateClientHelloHelper { | 82 class ValidateClientHelloHelper { |
| 83 public: | 83 public: |
| 84 ValidateClientHelloHelper(ValidateClientHelloResultCallback::Result* result, | 84 // Note: stores pointers to unique_ptrs, and std::moves the unique_ptrs when |
| 85 ValidateClientHelloResultCallback* done_cb) | 85 // ValidationComplete is called. |
| 86 ValidateClientHelloHelper( |
| 87 std::unique_ptr<ValidateClientHelloResultCallback::Result>* result, |
| 88 std::unique_ptr<ValidateClientHelloResultCallback>* done_cb) |
| 86 : result_(result), done_cb_(done_cb) {} | 89 : result_(result), done_cb_(done_cb) {} |
| 87 | 90 |
| 88 ~ValidateClientHelloHelper() { | 91 ~ValidateClientHelloHelper() { |
| 89 QUIC_BUG_IF(done_cb_ != nullptr) | 92 QUIC_BUG_IF(done_cb_ != nullptr) |
| 90 << "Deleting ValidateClientHelloHelper with a pending callback."; | 93 << "Deleting ValidateClientHelloHelper with a pending callback."; |
| 91 } | 94 } |
| 92 | 95 |
| 93 void ValidationComplete( | 96 void ValidationComplete( |
| 94 QuicErrorCode error_code, | 97 QuicErrorCode error_code, |
| 95 const char* error_details, | 98 const char* error_details, |
| 96 std::unique_ptr<ProofSource::Details> proof_source_details) { | 99 std::unique_ptr<ProofSource::Details> proof_source_details) { |
| 97 result_->error_code = error_code; | 100 (*result_)->error_code = error_code; |
| 98 result_->error_details = error_details; | 101 (*result_)->error_details = error_details; |
| 99 done_cb_->Run(result_, std::move(proof_source_details)); | 102 (*done_cb_)->Run(std::move(*result_), std::move(proof_source_details)); |
| 100 DetachCallback(); | 103 DetachCallback(); |
| 101 } | 104 } |
| 102 | 105 |
| 103 void DetachCallback() { | 106 void DetachCallback() { |
| 104 QUIC_BUG_IF(done_cb_ == nullptr) << "Callback already detached."; | 107 QUIC_BUG_IF(done_cb_ == nullptr) << "Callback already detached."; |
| 105 done_cb_ = nullptr; | 108 done_cb_ = nullptr; |
| 106 } | 109 } |
| 107 | 110 |
| 108 private: | 111 private: |
| 109 ValidateClientHelloResultCallback::Result* result_; | 112 std::unique_ptr<ValidateClientHelloResultCallback::Result>* result_; |
| 110 ValidateClientHelloResultCallback* done_cb_; | 113 std::unique_ptr<ValidateClientHelloResultCallback>* done_cb_; |
| 111 | 114 |
| 112 DISALLOW_COPY_AND_ASSIGN(ValidateClientHelloHelper); | 115 DISALLOW_COPY_AND_ASSIGN(ValidateClientHelloHelper); |
| 113 }; | 116 }; |
| 114 | 117 |
| 115 class VerifyNonceIsValidAndUniqueCallback | 118 class VerifyNonceIsValidAndUniqueCallback |
| 116 : public StrikeRegisterClient::ResultCallback { | 119 : public StrikeRegisterClient::ResultCallback { |
| 117 public: | 120 public: |
| 118 VerifyNonceIsValidAndUniqueCallback( | 121 VerifyNonceIsValidAndUniqueCallback( |
| 119 ValidateClientHelloResultCallback::Result* result, | 122 std::unique_ptr<ValidateClientHelloResultCallback::Result> result, |
| 120 std::unique_ptr<ProofSource::Details> proof_source_details, | 123 std::unique_ptr<ProofSource::Details> proof_source_details, |
| 121 ValidateClientHelloResultCallback* done_cb) | 124 std::unique_ptr<ValidateClientHelloResultCallback> done_cb) |
| 122 : result_(result), | 125 : result_(std::move(result)), |
| 123 proof_source_details_(std::move(proof_source_details)), | 126 proof_source_details_(std::move(proof_source_details)), |
| 124 done_cb_(done_cb) {} | 127 done_cb_(std::move(done_cb)) {} |
| 125 | 128 |
| 126 protected: | 129 protected: |
| 127 void RunImpl(bool nonce_is_valid_and_unique, | 130 void RunImpl(bool nonce_is_valid_and_unique, |
| 128 InsertStatus nonce_error) override { | 131 InsertStatus nonce_error) override { |
| 129 DVLOG(1) << "Using client nonce, unique: " << nonce_is_valid_and_unique | 132 DVLOG(1) << "Using client nonce, unique: " << nonce_is_valid_and_unique |
| 130 << " nonce_error: " << nonce_error; | 133 << " nonce_error: " << nonce_error; |
| 131 if (!nonce_is_valid_and_unique) { | 134 if (!nonce_is_valid_and_unique) { |
| 132 HandshakeFailureReason client_nonce_error; | 135 HandshakeFailureReason client_nonce_error; |
| 133 switch (nonce_error) { | 136 switch (nonce_error) { |
| 134 case NONCE_INVALID_FAILURE: | 137 case NONCE_INVALID_FAILURE: |
| (...skipping 18 matching lines...) Expand all Loading... |
| 153 client_nonce_error = CLIENT_NONCE_UNKNOWN_FAILURE; | 156 client_nonce_error = CLIENT_NONCE_UNKNOWN_FAILURE; |
| 154 break; | 157 break; |
| 155 case NONCE_OK: | 158 case NONCE_OK: |
| 156 default: | 159 default: |
| 157 QUIC_BUG << "Unexpected client nonce error: " << nonce_error; | 160 QUIC_BUG << "Unexpected client nonce error: " << nonce_error; |
| 158 client_nonce_error = CLIENT_NONCE_UNKNOWN_FAILURE; | 161 client_nonce_error = CLIENT_NONCE_UNKNOWN_FAILURE; |
| 159 break; | 162 break; |
| 160 } | 163 } |
| 161 result_->info.reject_reasons.push_back(client_nonce_error); | 164 result_->info.reject_reasons.push_back(client_nonce_error); |
| 162 } | 165 } |
| 163 done_cb_->Run(result_, std::move(proof_source_details_)); | 166 done_cb_->Run(std::move(result_), std::move(proof_source_details_)); |
| 164 } | 167 } |
| 165 | 168 |
| 166 private: | 169 private: |
| 167 ValidateClientHelloResultCallback::Result* result_; | 170 std::unique_ptr<ValidateClientHelloResultCallback::Result> result_; |
| 168 std::unique_ptr<ProofSource::Details> proof_source_details_; | 171 std::unique_ptr<ProofSource::Details> proof_source_details_; |
| 169 ValidateClientHelloResultCallback* done_cb_; | 172 std::unique_ptr<ValidateClientHelloResultCallback> done_cb_; |
| 170 | 173 |
| 171 DISALLOW_COPY_AND_ASSIGN(VerifyNonceIsValidAndUniqueCallback); | 174 DISALLOW_COPY_AND_ASSIGN(VerifyNonceIsValidAndUniqueCallback); |
| 172 }; | 175 }; |
| 173 | 176 |
| 174 // static | 177 // static |
| 175 const char QuicCryptoServerConfig::TESTING[] = "secret string for testing"; | 178 const char QuicCryptoServerConfig::TESTING[] = "secret string for testing"; |
| 176 | 179 |
| 177 ClientHelloInfo::ClientHelloInfo(const IPAddress& in_client_ip, | 180 ClientHelloInfo::ClientHelloInfo(const IPAddress& in_client_ip, |
| 178 QuicWallTime in_now) | 181 QuicWallTime in_now) |
| 179 : client_ip(in_client_ip), now(in_now), valid_source_address_token(false) {} | 182 : client_ip(in_client_ip), now(in_now), valid_source_address_token(false) {} |
| 180 | 183 |
| 184 ClientHelloInfo::ClientHelloInfo(const ClientHelloInfo& other) = default; |
| 185 |
| 181 ClientHelloInfo::~ClientHelloInfo() {} | 186 ClientHelloInfo::~ClientHelloInfo() {} |
| 182 | 187 |
| 183 PrimaryConfigChangedCallback::PrimaryConfigChangedCallback() {} | 188 PrimaryConfigChangedCallback::PrimaryConfigChangedCallback() {} |
| 184 | 189 |
| 185 PrimaryConfigChangedCallback::~PrimaryConfigChangedCallback() {} | 190 PrimaryConfigChangedCallback::~PrimaryConfigChangedCallback() {} |
| 186 | 191 |
| 187 ValidateClientHelloResultCallback::Result::Result( | 192 ValidateClientHelloResultCallback::Result::Result( |
| 188 const CryptoHandshakeMessage& in_client_hello, | 193 const CryptoHandshakeMessage& in_client_hello, |
| 189 IPAddress in_client_ip, | 194 IPAddress in_client_ip, |
| 190 QuicWallTime in_now) | 195 QuicWallTime in_now) |
| 191 : client_hello(in_client_hello), | 196 : client_hello(in_client_hello), |
| 192 info(in_client_ip, in_now), | 197 info(in_client_ip, in_now), |
| 193 error_code(QUIC_NO_ERROR) {} | 198 error_code(QUIC_NO_ERROR) {} |
| 194 | 199 |
| 195 ValidateClientHelloResultCallback::Result::~Result() {} | 200 ValidateClientHelloResultCallback::Result::~Result() {} |
| 196 | 201 |
| 197 ValidateClientHelloResultCallback::ValidateClientHelloResultCallback() {} | 202 ValidateClientHelloResultCallback::ValidateClientHelloResultCallback() {} |
| 198 | 203 |
| 199 ValidateClientHelloResultCallback::~ValidateClientHelloResultCallback() {} | 204 ValidateClientHelloResultCallback::~ValidateClientHelloResultCallback() {} |
| 200 | 205 |
| 201 void ValidateClientHelloResultCallback::Run( | |
| 202 const Result* result, | |
| 203 std::unique_ptr<ProofSource::Details> details) { | |
| 204 RunImpl(result->client_hello, *result, std::move(details)); | |
| 205 delete result; | |
| 206 delete this; | |
| 207 } | |
| 208 | |
| 209 QuicCryptoServerConfig::ConfigOptions::ConfigOptions() | 206 QuicCryptoServerConfig::ConfigOptions::ConfigOptions() |
| 210 : expiry_time(QuicWallTime::Zero()), | 207 : expiry_time(QuicWallTime::Zero()), |
| 211 channel_id_enabled(false), | 208 channel_id_enabled(false), |
| 212 p256(false) {} | 209 p256(false) {} |
| 213 | 210 |
| 214 QuicCryptoServerConfig::ConfigOptions::ConfigOptions( | 211 QuicCryptoServerConfig::ConfigOptions::ConfigOptions( |
| 215 const ConfigOptions& other) = default; | 212 const ConfigOptions& other) = default; |
| 216 | 213 |
| 217 QuicCryptoServerConfig::ConfigOptions::~ConfigOptions() {} | 214 QuicCryptoServerConfig::ConfigOptions::~ConfigOptions() {} |
| 218 | 215 |
| (...skipping 277 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 496 } | 493 } |
| 497 } | 494 } |
| 498 | 495 |
| 499 void QuicCryptoServerConfig::ValidateClientHello( | 496 void QuicCryptoServerConfig::ValidateClientHello( |
| 500 const CryptoHandshakeMessage& client_hello, | 497 const CryptoHandshakeMessage& client_hello, |
| 501 const IPAddress& client_ip, | 498 const IPAddress& client_ip, |
| 502 const IPAddress& server_ip, | 499 const IPAddress& server_ip, |
| 503 QuicVersion version, | 500 QuicVersion version, |
| 504 const QuicClock* clock, | 501 const QuicClock* clock, |
| 505 QuicCryptoProof* crypto_proof, | 502 QuicCryptoProof* crypto_proof, |
| 506 ValidateClientHelloResultCallback* done_cb) const { | 503 std::unique_ptr<ValidateClientHelloResultCallback> done_cb) const { |
| 507 const QuicWallTime now(clock->WallNow()); | 504 const QuicWallTime now(clock->WallNow()); |
| 508 | 505 |
| 509 ValidateClientHelloResultCallback::Result* result = | 506 std::unique_ptr<ValidateClientHelloResultCallback::Result> result( |
| 510 new ValidateClientHelloResultCallback::Result(client_hello, client_ip, | 507 new ValidateClientHelloResultCallback::Result(client_hello, client_ip, |
| 511 now); | 508 now)); |
| 512 | 509 |
| 513 StringPiece requested_scid; | 510 StringPiece requested_scid; |
| 514 client_hello.GetStringPiece(kSCID, &requested_scid); | 511 client_hello.GetStringPiece(kSCID, &requested_scid); |
| 515 | 512 |
| 516 uint8_t primary_orbit[kOrbitSize]; | 513 uint8_t primary_orbit[kOrbitSize]; |
| 517 scoped_refptr<Config> requested_config; | 514 scoped_refptr<Config> requested_config; |
| 518 scoped_refptr<Config> primary_config; | 515 scoped_refptr<Config> primary_config; |
| 519 { | 516 { |
| 520 base::AutoLock locked(configs_lock_); | 517 base::AutoLock locked(configs_lock_); |
| 521 | 518 |
| (...skipping 18 matching lines...) Expand all Loading... |
| 540 | 537 |
| 541 if (result->error_code == QUIC_NO_ERROR) { | 538 if (result->error_code == QUIC_NO_ERROR) { |
| 542 if (version > QUIC_VERSION_30) { | 539 if (version > QUIC_VERSION_30) { |
| 543 // QUIC v31 and above require a new proof for each CHLO so clear the | 540 // QUIC v31 and above require a new proof for each CHLO so clear the |
| 544 // existing proof, if any. | 541 // existing proof, if any. |
| 545 crypto_proof->chain = nullptr; | 542 crypto_proof->chain = nullptr; |
| 546 crypto_proof->signature = ""; | 543 crypto_proof->signature = ""; |
| 547 crypto_proof->cert_sct = ""; | 544 crypto_proof->cert_sct = ""; |
| 548 } | 545 } |
| 549 EvaluateClientHello(server_ip, version, primary_orbit, requested_config, | 546 EvaluateClientHello(server_ip, version, primary_orbit, requested_config, |
| 550 primary_config, crypto_proof, result, done_cb); | 547 primary_config, crypto_proof, std::move(result), |
| 548 std::move(done_cb)); |
| 551 } else { | 549 } else { |
| 552 done_cb->Run(result, nullptr /* proof_source_details */); | 550 done_cb->Run(std::move(result), /* details = */ nullptr); |
| 553 } | 551 } |
| 554 } | 552 } |
| 555 | 553 |
| 556 QuicErrorCode QuicCryptoServerConfig::ProcessClientHello( | 554 QuicErrorCode QuicCryptoServerConfig::ProcessClientHello( |
| 557 const ValidateClientHelloResultCallback::Result& validate_chlo_result, | 555 const ValidateClientHelloResultCallback::Result& validate_chlo_result, |
| 558 bool reject_only, | 556 bool reject_only, |
| 559 QuicConnectionId connection_id, | 557 QuicConnectionId connection_id, |
| 560 const IPAddress& server_ip, | 558 const IPAddress& server_ip, |
| 561 const IPEndPoint& client_address, | 559 const IPEndPoint& client_address, |
| 562 QuicVersion version, | 560 QuicVersion version, |
| (...skipping 230 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 793 string hkdf_input; | 791 string hkdf_input; |
| 794 size_t label_len = strlen(QuicCryptoConfig::kInitialLabel) + 1; | 792 size_t label_len = strlen(QuicCryptoConfig::kInitialLabel) + 1; |
| 795 hkdf_input.reserve(label_len + hkdf_suffix.size()); | 793 hkdf_input.reserve(label_len + hkdf_suffix.size()); |
| 796 hkdf_input.append(QuicCryptoConfig::kInitialLabel, label_len); | 794 hkdf_input.append(QuicCryptoConfig::kInitialLabel, label_len); |
| 797 hkdf_input.append(hkdf_suffix); | 795 hkdf_input.append(hkdf_suffix); |
| 798 | 796 |
| 799 string* subkey_secret = ¶ms->initial_subkey_secret; | 797 string* subkey_secret = ¶ms->initial_subkey_secret; |
| 800 CryptoUtils::Diversification diversification = | 798 CryptoUtils::Diversification diversification = |
| 801 CryptoUtils::Diversification::Never(); | 799 CryptoUtils::Diversification::Never(); |
| 802 if (version > QUIC_VERSION_32) { | 800 if (version > QUIC_VERSION_32) { |
| 803 rand->RandBytes(reinterpret_cast<char*>(out_diversification_nonce), | 801 rand->RandBytes(out_diversification_nonce->data(), |
| 804 sizeof(*out_diversification_nonce)); | 802 out_diversification_nonce->size()); |
| 805 diversification = | 803 diversification = |
| 806 CryptoUtils::Diversification::Now(out_diversification_nonce); | 804 CryptoUtils::Diversification::Now(out_diversification_nonce); |
| 807 } | 805 } |
| 808 | 806 |
| 809 if (!CryptoUtils::DeriveKeys(params->initial_premaster_secret, params->aead, | 807 if (!CryptoUtils::DeriveKeys(params->initial_premaster_secret, params->aead, |
| 810 info.client_nonce, info.server_nonce, hkdf_input, | 808 info.client_nonce, info.server_nonce, hkdf_input, |
| 811 Perspective::IS_SERVER, diversification, | 809 Perspective::IS_SERVER, diversification, |
| 812 ¶ms->initial_crypters, subkey_secret)) { | 810 ¶ms->initial_crypters, subkey_secret)) { |
| 813 *error_details = "Symmetric key setup failed"; | 811 *error_details = "Symmetric key setup failed"; |
| 814 return QUIC_CRYPTO_SYMMETRIC_KEY_SETUP_FAILED; | 812 return QUIC_CRYPTO_SYMMETRIC_KEY_SETUP_FAILED; |
| (...skipping 181 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 996 public: | 994 public: |
| 997 EvaluateClientHelloCallback( | 995 EvaluateClientHelloCallback( |
| 998 const QuicCryptoServerConfig& config, | 996 const QuicCryptoServerConfig& config, |
| 999 bool found_error, | 997 bool found_error, |
| 1000 const IPAddress& server_ip, | 998 const IPAddress& server_ip, |
| 1001 QuicVersion version, | 999 QuicVersion version, |
| 1002 const uint8_t* primary_orbit, | 1000 const uint8_t* primary_orbit, |
| 1003 scoped_refptr<QuicCryptoServerConfig::Config> requested_config, | 1001 scoped_refptr<QuicCryptoServerConfig::Config> requested_config, |
| 1004 scoped_refptr<QuicCryptoServerConfig::Config> primary_config, | 1002 scoped_refptr<QuicCryptoServerConfig::Config> primary_config, |
| 1005 QuicCryptoProof* crypto_proof, | 1003 QuicCryptoProof* crypto_proof, |
| 1006 ValidateClientHelloResultCallback::Result* client_hello_state, | 1004 std::unique_ptr<ValidateClientHelloResultCallback::Result> |
| 1007 ValidateClientHelloResultCallback* done_cb) | 1005 client_hello_state, |
| 1006 std::unique_ptr<ValidateClientHelloResultCallback> done_cb) |
| 1008 : config_(config), | 1007 : config_(config), |
| 1009 found_error_(found_error), | 1008 found_error_(found_error), |
| 1010 server_ip_(server_ip), | 1009 server_ip_(server_ip), |
| 1011 version_(version), | 1010 version_(version), |
| 1012 primary_orbit_(primary_orbit), | 1011 primary_orbit_(primary_orbit), |
| 1013 requested_config_(std::move(requested_config)), | 1012 requested_config_(std::move(requested_config)), |
| 1014 primary_config_(std::move(primary_config)), | 1013 primary_config_(std::move(primary_config)), |
| 1015 crypto_proof_(crypto_proof), | 1014 crypto_proof_(crypto_proof), |
| 1016 client_hello_state_(client_hello_state), | 1015 client_hello_state_(std::move(client_hello_state)), |
| 1017 done_cb_(done_cb) {} | 1016 done_cb_(std::move(done_cb)) {} |
| 1018 | 1017 |
| 1019 void Run(bool ok, | 1018 void Run(bool ok, |
| 1020 const scoped_refptr<ProofSource::Chain>& chain, | 1019 const scoped_refptr<ProofSource::Chain>& chain, |
| 1021 const string& signature, | 1020 const string& signature, |
| 1022 const string& leaf_cert_sct, | 1021 const string& leaf_cert_sct, |
| 1023 std::unique_ptr<ProofSource::Details> details) override { | 1022 std::unique_ptr<ProofSource::Details> details) override { |
| 1024 if (ok) { | 1023 if (ok) { |
| 1025 crypto_proof_->chain = chain; | 1024 crypto_proof_->chain = chain; |
| 1026 crypto_proof_->signature = signature; | 1025 crypto_proof_->signature = signature; |
| 1027 crypto_proof_->cert_sct = leaf_cert_sct; | 1026 crypto_proof_->cert_sct = leaf_cert_sct; |
| 1028 } | 1027 } |
| 1029 config_.EvaluateClientHelloAfterGetProof( | 1028 config_.EvaluateClientHelloAfterGetProof( |
| 1030 found_error_, server_ip_, version_, primary_orbit_, requested_config_, | 1029 found_error_, server_ip_, version_, primary_orbit_, requested_config_, |
| 1031 primary_config_, crypto_proof_, std::move(details), !ok, | 1030 primary_config_, crypto_proof_, std::move(details), !ok, |
| 1032 client_hello_state_, done_cb_); | 1031 std::move(client_hello_state_), std::move(done_cb_)); |
| 1033 } | 1032 } |
| 1034 | 1033 |
| 1035 private: | 1034 private: |
| 1036 const QuicCryptoServerConfig& config_; | 1035 const QuicCryptoServerConfig& config_; |
| 1037 const bool found_error_; | 1036 const bool found_error_; |
| 1038 const IPAddress& server_ip_; | 1037 const IPAddress& server_ip_; |
| 1039 const QuicVersion version_; | 1038 const QuicVersion version_; |
| 1040 const uint8_t* primary_orbit_; | 1039 const uint8_t* primary_orbit_; |
| 1041 const scoped_refptr<QuicCryptoServerConfig::Config> requested_config_; | 1040 const scoped_refptr<QuicCryptoServerConfig::Config> requested_config_; |
| 1042 const scoped_refptr<QuicCryptoServerConfig::Config> primary_config_; | 1041 const scoped_refptr<QuicCryptoServerConfig::Config> primary_config_; |
| 1043 QuicCryptoProof* crypto_proof_; | 1042 QuicCryptoProof* crypto_proof_; |
| 1044 ValidateClientHelloResultCallback::Result* client_hello_state_; | 1043 std::unique_ptr<ValidateClientHelloResultCallback::Result> |
| 1045 ValidateClientHelloResultCallback* done_cb_; | 1044 client_hello_state_; |
| 1045 std::unique_ptr<ValidateClientHelloResultCallback> done_cb_; |
| 1046 }; | 1046 }; |
| 1047 | 1047 |
| 1048 void QuicCryptoServerConfig::EvaluateClientHello( | 1048 void QuicCryptoServerConfig::EvaluateClientHello( |
| 1049 const IPAddress& server_ip, | 1049 const IPAddress& server_ip, |
| 1050 QuicVersion version, | 1050 QuicVersion version, |
| 1051 const uint8_t* primary_orbit, | 1051 const uint8_t* primary_orbit, |
| 1052 scoped_refptr<Config> requested_config, | 1052 scoped_refptr<Config> requested_config, |
| 1053 scoped_refptr<Config> primary_config, | 1053 scoped_refptr<Config> primary_config, |
| 1054 QuicCryptoProof* crypto_proof, | 1054 QuicCryptoProof* crypto_proof, |
| 1055 ValidateClientHelloResultCallback::Result* client_hello_state, | 1055 std::unique_ptr<ValidateClientHelloResultCallback::Result> |
| 1056 ValidateClientHelloResultCallback* done_cb) const { | 1056 client_hello_state, |
| 1057 ValidateClientHelloHelper helper(client_hello_state, done_cb); | 1057 std::unique_ptr<ValidateClientHelloResultCallback> done_cb) const { |
| 1058 ValidateClientHelloHelper helper(&client_hello_state, &done_cb); |
| 1058 | 1059 |
| 1059 const CryptoHandshakeMessage& client_hello = client_hello_state->client_hello; | 1060 const CryptoHandshakeMessage& client_hello = client_hello_state->client_hello; |
| 1060 ClientHelloInfo* info = &(client_hello_state->info); | 1061 ClientHelloInfo* info = &(client_hello_state->info); |
| 1061 | 1062 |
| 1062 if (client_hello.size() < kClientHelloMinimumSize) { | 1063 if (client_hello.size() < kClientHelloMinimumSize) { |
| 1063 helper.ValidationComplete(QUIC_CRYPTO_INVALID_VALUE_LENGTH, | 1064 helper.ValidationComplete(QUIC_CRYPTO_INVALID_VALUE_LENGTH, |
| 1064 "Client hello too small", nullptr); | 1065 "Client hello too small", nullptr); |
| 1065 return; | 1066 return; |
| 1066 } | 1067 } |
| 1067 | 1068 |
| (...skipping 57 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1125 bool need_proof = true; | 1126 bool need_proof = true; |
| 1126 need_proof = !crypto_proof->chain; | 1127 need_proof = !crypto_proof->chain; |
| 1127 if (FLAGS_enable_async_get_proof) { | 1128 if (FLAGS_enable_async_get_proof) { |
| 1128 if (need_proof) { | 1129 if (need_proof) { |
| 1129 // Make an async call to GetProof and setup the callback to trampoline | 1130 // Make an async call to GetProof and setup the callback to trampoline |
| 1130 // back into EvaluateClientHelloAfterGetProof | 1131 // back into EvaluateClientHelloAfterGetProof |
| 1131 std::unique_ptr<EvaluateClientHelloCallback> cb( | 1132 std::unique_ptr<EvaluateClientHelloCallback> cb( |
| 1132 new EvaluateClientHelloCallback( | 1133 new EvaluateClientHelloCallback( |
| 1133 *this, found_error, server_ip, version, primary_orbit, | 1134 *this, found_error, server_ip, version, primary_orbit, |
| 1134 requested_config, primary_config, crypto_proof, | 1135 requested_config, primary_config, crypto_proof, |
| 1135 client_hello_state, done_cb)); | 1136 std::move(client_hello_state), std::move(done_cb))); |
| 1136 proof_source_->GetProof(server_ip, info->sni.as_string(), | 1137 proof_source_->GetProof(server_ip, info->sni.as_string(), |
| 1137 serialized_config, version, chlo_hash, | 1138 serialized_config, version, chlo_hash, |
| 1138 std::move(cb)); | 1139 std::move(cb)); |
| 1139 helper.DetachCallback(); | 1140 helper.DetachCallback(); |
| 1140 return; | 1141 return; |
| 1141 } | 1142 } |
| 1142 } | 1143 } |
| 1143 | 1144 |
| 1144 // No need to get a new proof if one was already generated. | 1145 // No need to get a new proof if one was already generated. |
| 1145 if (need_proof && | 1146 if (need_proof && |
| 1146 !proof_source_->GetProof(server_ip, info->sni.as_string(), | 1147 !proof_source_->GetProof(server_ip, info->sni.as_string(), |
| 1147 serialized_config, version, chlo_hash, | 1148 serialized_config, version, chlo_hash, |
| 1148 &crypto_proof->chain, &crypto_proof->signature, | 1149 &crypto_proof->chain, &crypto_proof->signature, |
| 1149 &crypto_proof->cert_sct)) { | 1150 &crypto_proof->cert_sct)) { |
| 1150 get_proof_failed = true; | 1151 get_proof_failed = true; |
| 1151 } | 1152 } |
| 1152 | 1153 |
| 1153 // Details are null because the synchronous version of GetProof does not | 1154 // Details are null because the synchronous version of GetProof does not |
| 1154 // return any stats. Eventually the synchronous codepath will be eliminated. | 1155 // return any stats. Eventually the synchronous codepath will be eliminated. |
| 1155 EvaluateClientHelloAfterGetProof( | 1156 EvaluateClientHelloAfterGetProof( |
| 1156 found_error, server_ip, version, primary_orbit, requested_config, | 1157 found_error, server_ip, version, primary_orbit, requested_config, |
| 1157 primary_config, crypto_proof, nullptr /* proof_source_details */, | 1158 primary_config, crypto_proof, nullptr /* proof_source_details */, |
| 1158 get_proof_failed, client_hello_state, done_cb); | 1159 get_proof_failed, std::move(client_hello_state), std::move(done_cb)); |
| 1159 helper.DetachCallback(); | 1160 helper.DetachCallback(); |
| 1160 } | 1161 } |
| 1161 | 1162 |
| 1162 void QuicCryptoServerConfig::EvaluateClientHelloAfterGetProof( | 1163 void QuicCryptoServerConfig::EvaluateClientHelloAfterGetProof( |
| 1163 bool found_error, | 1164 bool found_error, |
| 1164 const IPAddress& server_ip, | 1165 const IPAddress& server_ip, |
| 1165 QuicVersion version, | 1166 QuicVersion version, |
| 1166 const uint8_t* primary_orbit, | 1167 const uint8_t* primary_orbit, |
| 1167 scoped_refptr<Config> requested_config, | 1168 scoped_refptr<Config> requested_config, |
| 1168 scoped_refptr<Config> primary_config, | 1169 scoped_refptr<Config> primary_config, |
| 1169 QuicCryptoProof* crypto_proof, | 1170 QuicCryptoProof* crypto_proof, |
| 1170 std::unique_ptr<ProofSource::Details> proof_source_details, | 1171 std::unique_ptr<ProofSource::Details> proof_source_details, |
| 1171 bool get_proof_failed, | 1172 bool get_proof_failed, |
| 1172 ValidateClientHelloResultCallback::Result* client_hello_state, | 1173 std::unique_ptr<ValidateClientHelloResultCallback::Result> |
| 1173 ValidateClientHelloResultCallback* done_cb) const { | 1174 client_hello_state, |
| 1174 ValidateClientHelloHelper helper(client_hello_state, done_cb); | 1175 std::unique_ptr<ValidateClientHelloResultCallback> done_cb) const { |
| 1176 ValidateClientHelloHelper helper(&client_hello_state, &done_cb); |
| 1175 const CryptoHandshakeMessage& client_hello = client_hello_state->client_hello; | 1177 const CryptoHandshakeMessage& client_hello = client_hello_state->client_hello; |
| 1176 ClientHelloInfo* info = &(client_hello_state->info); | 1178 ClientHelloInfo* info = &(client_hello_state->info); |
| 1177 | 1179 |
| 1178 if (get_proof_failed) { | 1180 if (get_proof_failed) { |
| 1179 found_error = true; | 1181 found_error = true; |
| 1180 info->reject_reasons.push_back(SERVER_CONFIG_UNKNOWN_CONFIG_FAILURE); | 1182 info->reject_reasons.push_back(SERVER_CONFIG_UNKNOWN_CONFIG_FAILURE); |
| 1181 } | 1183 } |
| 1182 | 1184 |
| 1183 if (!ValidateExpectedLeafCertificate(client_hello, *crypto_proof)) { | 1185 if (!ValidateExpectedLeafCertificate(client_hello, *crypto_proof)) { |
| 1184 found_error = true; | 1186 found_error = true; |
| (...skipping 75 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1260 // Since neither are present, reject the handshake which will send a | 1262 // Since neither are present, reject the handshake which will send a |
| 1261 // server nonce to the client. | 1263 // server nonce to the client. |
| 1262 info->reject_reasons.push_back(SERVER_NONCE_REQUIRED_FAILURE); | 1264 info->reject_reasons.push_back(SERVER_NONCE_REQUIRED_FAILURE); |
| 1263 helper.ValidationComplete(QUIC_NO_ERROR, "", | 1265 helper.ValidationComplete(QUIC_NO_ERROR, "", |
| 1264 std::move(proof_source_details)); | 1266 std::move(proof_source_details)); |
| 1265 return; | 1267 return; |
| 1266 } | 1268 } |
| 1267 | 1269 |
| 1268 strike_register_client->VerifyNonceIsValidAndUnique( | 1270 strike_register_client->VerifyNonceIsValidAndUnique( |
| 1269 info->client_nonce, info->now, | 1271 info->client_nonce, info->now, |
| 1270 new VerifyNonceIsValidAndUniqueCallback( | 1272 new VerifyNonceIsValidAndUniqueCallback(std::move(client_hello_state), |
| 1271 client_hello_state, std::move(proof_source_details), done_cb)); | 1273 std::move(proof_source_details), |
| 1274 std::move(done_cb))); |
| 1272 helper.DetachCallback(); | 1275 helper.DetachCallback(); |
| 1273 } | 1276 } |
| 1274 | 1277 |
| 1275 bool QuicCryptoServerConfig::BuildServerConfigUpdateMessage( | 1278 bool QuicCryptoServerConfig::BuildServerConfigUpdateMessage( |
| 1276 QuicVersion version, | 1279 QuicVersion version, |
| 1277 StringPiece chlo_hash, | 1280 StringPiece chlo_hash, |
| 1278 const SourceAddressTokens& previous_source_address_tokens, | 1281 const SourceAddressTokens& previous_source_address_tokens, |
| 1279 const IPAddress& server_ip, | 1282 const IPAddress& server_ip, |
| 1280 const IPAddress& client_ip, | 1283 const IPAddress& client_ip, |
| 1281 const QuicClock* clock, | 1284 const QuicClock* clock, |
| (...skipping 528 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1810 uint32_t window_secs) { | 1813 uint32_t window_secs) { |
| 1811 DCHECK(!server_nonce_strike_register_.get()); | 1814 DCHECK(!server_nonce_strike_register_.get()); |
| 1812 server_nonce_strike_register_window_secs_ = window_secs; | 1815 server_nonce_strike_register_window_secs_ = window_secs; |
| 1813 } | 1816 } |
| 1814 | 1817 |
| 1815 void QuicCryptoServerConfig::set_enable_serving_sct(bool enable_serving_sct) { | 1818 void QuicCryptoServerConfig::set_enable_serving_sct(bool enable_serving_sct) { |
| 1816 enable_serving_sct_ = enable_serving_sct; | 1819 enable_serving_sct_ = enable_serving_sct; |
| 1817 } | 1820 } |
| 1818 | 1821 |
| 1819 void QuicCryptoServerConfig::AcquirePrimaryConfigChangedCb( | 1822 void QuicCryptoServerConfig::AcquirePrimaryConfigChangedCb( |
| 1820 PrimaryConfigChangedCallback* cb) { | 1823 std::unique_ptr<PrimaryConfigChangedCallback> cb) { |
| 1821 base::AutoLock locked(configs_lock_); | 1824 base::AutoLock locked(configs_lock_); |
| 1822 primary_config_changed_cb_.reset(cb); | 1825 primary_config_changed_cb_ = std::move(cb); |
| 1823 } | 1826 } |
| 1824 | 1827 |
| 1825 string QuicCryptoServerConfig::NewSourceAddressToken( | 1828 string QuicCryptoServerConfig::NewSourceAddressToken( |
| 1826 const Config& config, | 1829 const Config& config, |
| 1827 const SourceAddressTokens& previous_tokens, | 1830 const SourceAddressTokens& previous_tokens, |
| 1828 const IPAddress& ip, | 1831 const IPAddress& ip, |
| 1829 QuicRandom* rand, | 1832 QuicRandom* rand, |
| 1830 QuicWallTime now, | 1833 QuicWallTime now, |
| 1831 const CachedNetworkParameters* cached_network_params) const { | 1834 const CachedNetworkParameters* cached_network_params) const { |
| 1832 SourceAddressTokens source_address_tokens; | 1835 SourceAddressTokens source_address_tokens; |
| (...skipping 235 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2068 priority(0), | 2071 priority(0), |
| 2069 source_address_token_boxer(nullptr) {} | 2072 source_address_token_boxer(nullptr) {} |
| 2070 | 2073 |
| 2071 QuicCryptoServerConfig::Config::~Config() { | 2074 QuicCryptoServerConfig::Config::~Config() { |
| 2072 base::STLDeleteElements(&key_exchanges); | 2075 base::STLDeleteElements(&key_exchanges); |
| 2073 } | 2076 } |
| 2074 | 2077 |
| 2075 QuicCryptoProof::QuicCryptoProof() {} | 2078 QuicCryptoProof::QuicCryptoProof() {} |
| 2076 QuicCryptoProof::~QuicCryptoProof() {} | 2079 QuicCryptoProof::~QuicCryptoProof() {} |
| 2077 } // namespace net | 2080 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2334363002:
Landing Recent QUIC changes until Sat Sep 10 00:32:41 (Closed)
