| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/quic/core/crypto/quic_crypto_server_config.h" | 5 #include "net/quic/core/crypto/quic_crypto_server_config.h" |
| 6 | 6 |
| 7 #include <stdlib.h> | 7 #include <stdlib.h> |
| 8 | 8 |
| 9 #include <algorithm> | 9 #include <algorithm> |
| 10 #include <memory> | 10 #include <memory> |
| (...skipping 63 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 74 if (ip.IsIPv4()) { | 74 if (ip.IsIPv4()) { |
| 75 return ConvertIPv4ToIPv4MappedIPv6(ip); | 75 return ConvertIPv4ToIPv4MappedIPv6(ip); |
| 76 } | 76 } |
| 77 return ip; | 77 return ip; |
| 78 } | 78 } |
| 79 | 79 |
| 80 } // namespace | 80 } // namespace |
| 81 | 81 |
| 82 class ValidateClientHelloHelper { | 82 class ValidateClientHelloHelper { |
| 83 public: | 83 public: |
| 84 ValidateClientHelloHelper(ValidateClientHelloResultCallback::Result* result, | 84 // Note: stores a pointer to a unique_ptr, and std::moves the unique_ptr when |
| 85 ValidateClientHelloResultCallback* done_cb) | 85 // ValidationComplete is called. |
| 86 ValidateClientHelloHelper( |
| 87 std::unique_ptr<ValidateClientHelloResultCallback::Result>* result, |
| 88 ValidateClientHelloResultCallback* done_cb) |
| 86 : result_(result), done_cb_(done_cb) {} | 89 : result_(result), done_cb_(done_cb) {} |
| 87 | 90 |
| 88 ~ValidateClientHelloHelper() { | 91 ~ValidateClientHelloHelper() { |
| 89 QUIC_BUG_IF(done_cb_ != nullptr) | 92 QUIC_BUG_IF(done_cb_ != nullptr) |
| 90 << "Deleting ValidateClientHelloHelper with a pending callback."; | 93 << "Deleting ValidateClientHelloHelper with a pending callback."; |
| 91 } | 94 } |
| 92 | 95 |
| 93 void ValidationComplete( | 96 void ValidationComplete( |
| 94 QuicErrorCode error_code, | 97 QuicErrorCode error_code, |
| 95 const char* error_details, | 98 const char* error_details, |
| 96 std::unique_ptr<ProofSource::Details> proof_source_details) { | 99 std::unique_ptr<ProofSource::Details> proof_source_details) { |
| 97 result_->error_code = error_code; | 100 (*result_)->error_code = error_code; |
| 98 result_->error_details = error_details; | 101 (*result_)->error_details = error_details; |
| 99 done_cb_->Run(result_, std::move(proof_source_details)); | 102 done_cb_->Run(std::move(*result_), std::move(proof_source_details)); |
| 100 DetachCallback(); | 103 DetachCallback(); |
| 101 } | 104 } |
| 102 | 105 |
| 103 void DetachCallback() { | 106 void DetachCallback() { |
| 104 QUIC_BUG_IF(done_cb_ == nullptr) << "Callback already detached."; | 107 QUIC_BUG_IF(done_cb_ == nullptr) << "Callback already detached."; |
| 105 done_cb_ = nullptr; | 108 done_cb_ = nullptr; |
| 106 } | 109 } |
| 107 | 110 |
| 108 private: | 111 private: |
| 109 ValidateClientHelloResultCallback::Result* result_; | 112 std::unique_ptr<ValidateClientHelloResultCallback::Result>* result_; |
| 110 ValidateClientHelloResultCallback* done_cb_; | 113 ValidateClientHelloResultCallback* done_cb_; |
| 111 | 114 |
| 112 DISALLOW_COPY_AND_ASSIGN(ValidateClientHelloHelper); | 115 DISALLOW_COPY_AND_ASSIGN(ValidateClientHelloHelper); |
| 113 }; | 116 }; |
| 114 | 117 |
| 115 class VerifyNonceIsValidAndUniqueCallback | 118 class VerifyNonceIsValidAndUniqueCallback |
| 116 : public StrikeRegisterClient::ResultCallback { | 119 : public StrikeRegisterClient::ResultCallback { |
| 117 public: | 120 public: |
| 118 VerifyNonceIsValidAndUniqueCallback( | 121 VerifyNonceIsValidAndUniqueCallback( |
| 119 ValidateClientHelloResultCallback::Result* result, | 122 std::unique_ptr<ValidateClientHelloResultCallback::Result> result, |
| 120 std::unique_ptr<ProofSource::Details> proof_source_details, | 123 std::unique_ptr<ProofSource::Details> proof_source_details, |
| 121 ValidateClientHelloResultCallback* done_cb) | 124 ValidateClientHelloResultCallback* done_cb) |
| 122 : result_(result), | 125 : result_(std::move(result)), |
| 123 proof_source_details_(std::move(proof_source_details)), | 126 proof_source_details_(std::move(proof_source_details)), |
| 124 done_cb_(done_cb) {} | 127 done_cb_(done_cb) {} |
| 125 | 128 |
| 126 protected: | 129 protected: |
| 127 void RunImpl(bool nonce_is_valid_and_unique, | 130 void RunImpl(bool nonce_is_valid_and_unique, |
| 128 InsertStatus nonce_error) override { | 131 InsertStatus nonce_error) override { |
| 129 DVLOG(1) << "Using client nonce, unique: " << nonce_is_valid_and_unique | 132 DVLOG(1) << "Using client nonce, unique: " << nonce_is_valid_and_unique |
| 130 << " nonce_error: " << nonce_error; | 133 << " nonce_error: " << nonce_error; |
| 131 if (!nonce_is_valid_and_unique) { | 134 if (!nonce_is_valid_and_unique) { |
| 132 HandshakeFailureReason client_nonce_error; | 135 HandshakeFailureReason client_nonce_error; |
| (...skipping 20 matching lines...) Expand all Loading... |
| 153 client_nonce_error = CLIENT_NONCE_UNKNOWN_FAILURE; | 156 client_nonce_error = CLIENT_NONCE_UNKNOWN_FAILURE; |
| 154 break; | 157 break; |
| 155 case NONCE_OK: | 158 case NONCE_OK: |
| 156 default: | 159 default: |
| 157 QUIC_BUG << "Unexpected client nonce error: " << nonce_error; | 160 QUIC_BUG << "Unexpected client nonce error: " << nonce_error; |
| 158 client_nonce_error = CLIENT_NONCE_UNKNOWN_FAILURE; | 161 client_nonce_error = CLIENT_NONCE_UNKNOWN_FAILURE; |
| 159 break; | 162 break; |
| 160 } | 163 } |
| 161 result_->info.reject_reasons.push_back(client_nonce_error); | 164 result_->info.reject_reasons.push_back(client_nonce_error); |
| 162 } | 165 } |
| 163 done_cb_->Run(result_, std::move(proof_source_details_)); | 166 done_cb_->Run(std::move(result_), std::move(proof_source_details_)); |
| 164 } | 167 } |
| 165 | 168 |
| 166 private: | 169 private: |
| 167 ValidateClientHelloResultCallback::Result* result_; | 170 std::unique_ptr<ValidateClientHelloResultCallback::Result> result_; |
| 168 std::unique_ptr<ProofSource::Details> proof_source_details_; | 171 std::unique_ptr<ProofSource::Details> proof_source_details_; |
| 169 ValidateClientHelloResultCallback* done_cb_; | 172 ValidateClientHelloResultCallback* done_cb_; |
| 170 | 173 |
| 171 DISALLOW_COPY_AND_ASSIGN(VerifyNonceIsValidAndUniqueCallback); | 174 DISALLOW_COPY_AND_ASSIGN(VerifyNonceIsValidAndUniqueCallback); |
| 172 }; | 175 }; |
| 173 | 176 |
| 174 // static | 177 // static |
| 175 const char QuicCryptoServerConfig::TESTING[] = "secret string for testing"; | 178 const char QuicCryptoServerConfig::TESTING[] = "secret string for testing"; |
| 176 | 179 |
| 177 ClientHelloInfo::ClientHelloInfo(const IPAddress& in_client_ip, | 180 ClientHelloInfo::ClientHelloInfo(const IPAddress& in_client_ip, |
| (...skipping 14 matching lines...) Expand all Loading... |
| 192 info(in_client_ip, in_now), | 195 info(in_client_ip, in_now), |
| 193 error_code(QUIC_NO_ERROR) {} | 196 error_code(QUIC_NO_ERROR) {} |
| 194 | 197 |
| 195 ValidateClientHelloResultCallback::Result::~Result() {} | 198 ValidateClientHelloResultCallback::Result::~Result() {} |
| 196 | 199 |
| 197 ValidateClientHelloResultCallback::ValidateClientHelloResultCallback() {} | 200 ValidateClientHelloResultCallback::ValidateClientHelloResultCallback() {} |
| 198 | 201 |
| 199 ValidateClientHelloResultCallback::~ValidateClientHelloResultCallback() {} | 202 ValidateClientHelloResultCallback::~ValidateClientHelloResultCallback() {} |
| 200 | 203 |
| 201 void ValidateClientHelloResultCallback::Run( | 204 void ValidateClientHelloResultCallback::Run( |
| 202 const Result* result, | 205 std::unique_ptr<Result> result, |
| 203 std::unique_ptr<ProofSource::Details> details) { | 206 std::unique_ptr<ProofSource::Details> details) { |
| 204 RunImpl(result->client_hello, *result, std::move(details)); | 207 RunImpl(std::move(result), std::move(details)); |
| 205 delete result; | |
| 206 delete this; | 208 delete this; |
| 207 } | 209 } |
| 208 | 210 |
| 209 QuicCryptoServerConfig::ConfigOptions::ConfigOptions() | 211 QuicCryptoServerConfig::ConfigOptions::ConfigOptions() |
| 210 : expiry_time(QuicWallTime::Zero()), | 212 : expiry_time(QuicWallTime::Zero()), |
| 211 channel_id_enabled(false), | 213 channel_id_enabled(false), |
| 212 token_binding_enabled(false), | 214 token_binding_enabled(false), |
| 213 p256(false) {} | 215 p256(false) {} |
| 214 | 216 |
| 215 QuicCryptoServerConfig::ConfigOptions::ConfigOptions( | 217 QuicCryptoServerConfig::ConfigOptions::ConfigOptions( |
| (...skipping 282 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 498 void QuicCryptoServerConfig::ValidateClientHello( | 500 void QuicCryptoServerConfig::ValidateClientHello( |
| 499 const CryptoHandshakeMessage& client_hello, | 501 const CryptoHandshakeMessage& client_hello, |
| 500 const IPAddress& client_ip, | 502 const IPAddress& client_ip, |
| 501 const IPAddress& server_ip, | 503 const IPAddress& server_ip, |
| 502 QuicVersion version, | 504 QuicVersion version, |
| 503 const QuicClock* clock, | 505 const QuicClock* clock, |
| 504 QuicCryptoProof* crypto_proof, | 506 QuicCryptoProof* crypto_proof, |
| 505 ValidateClientHelloResultCallback* done_cb) const { | 507 ValidateClientHelloResultCallback* done_cb) const { |
| 506 const QuicWallTime now(clock->WallNow()); | 508 const QuicWallTime now(clock->WallNow()); |
| 507 | 509 |
| 508 ValidateClientHelloResultCallback::Result* result = | 510 std::unique_ptr<ValidateClientHelloResultCallback::Result> result( |
| 509 new ValidateClientHelloResultCallback::Result(client_hello, client_ip, | 511 new ValidateClientHelloResultCallback::Result(client_hello, client_ip, |
| 510 now); | 512 now)); |
| 511 | 513 |
| 512 StringPiece requested_scid; | 514 StringPiece requested_scid; |
| 513 client_hello.GetStringPiece(kSCID, &requested_scid); | 515 client_hello.GetStringPiece(kSCID, &requested_scid); |
| 514 | 516 |
| 515 uint8_t primary_orbit[kOrbitSize]; | 517 uint8_t primary_orbit[kOrbitSize]; |
| 516 scoped_refptr<Config> requested_config; | 518 scoped_refptr<Config> requested_config; |
| 517 scoped_refptr<Config> primary_config; | 519 scoped_refptr<Config> primary_config; |
| 518 { | 520 { |
| 519 base::AutoLock locked(configs_lock_); | 521 base::AutoLock locked(configs_lock_); |
| 520 | 522 |
| (...skipping 18 matching lines...) Expand all Loading... |
| 539 | 541 |
| 540 if (result->error_code == QUIC_NO_ERROR) { | 542 if (result->error_code == QUIC_NO_ERROR) { |
| 541 if (version > QUIC_VERSION_30) { | 543 if (version > QUIC_VERSION_30) { |
| 542 // QUIC v31 and above require a new proof for each CHLO so clear the | 544 // QUIC v31 and above require a new proof for each CHLO so clear the |
| 543 // existing proof, if any. | 545 // existing proof, if any. |
| 544 crypto_proof->chain = nullptr; | 546 crypto_proof->chain = nullptr; |
| 545 crypto_proof->signature = ""; | 547 crypto_proof->signature = ""; |
| 546 crypto_proof->cert_sct = ""; | 548 crypto_proof->cert_sct = ""; |
| 547 } | 549 } |
| 548 EvaluateClientHello(server_ip, version, primary_orbit, requested_config, | 550 EvaluateClientHello(server_ip, version, primary_orbit, requested_config, |
| 549 primary_config, crypto_proof, result, done_cb); | 551 primary_config, crypto_proof, std::move(result), |
| 552 done_cb); |
| 550 } else { | 553 } else { |
| 551 done_cb->Run(result, nullptr /* proof_source_details */); | 554 done_cb->Run(std::move(result), /* details = */ nullptr); |
| 552 } | 555 } |
| 553 } | 556 } |
| 554 | 557 |
| 555 QuicErrorCode QuicCryptoServerConfig::ProcessClientHello( | 558 QuicErrorCode QuicCryptoServerConfig::ProcessClientHello( |
| 556 const ValidateClientHelloResultCallback::Result& validate_chlo_result, | 559 const ValidateClientHelloResultCallback::Result& validate_chlo_result, |
| 557 bool reject_only, | 560 bool reject_only, |
| 558 QuicConnectionId connection_id, | 561 QuicConnectionId connection_id, |
| 559 const IPAddress& server_ip, | 562 const IPAddress& server_ip, |
| 560 const IPEndPoint& client_address, | 563 const IPEndPoint& client_address, |
| 561 QuicVersion version, | 564 QuicVersion version, |
| (...skipping 433 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 995 public: | 998 public: |
| 996 EvaluateClientHelloCallback( | 999 EvaluateClientHelloCallback( |
| 997 const QuicCryptoServerConfig& config, | 1000 const QuicCryptoServerConfig& config, |
| 998 bool found_error, | 1001 bool found_error, |
| 999 const IPAddress& server_ip, | 1002 const IPAddress& server_ip, |
| 1000 QuicVersion version, | 1003 QuicVersion version, |
| 1001 const uint8_t* primary_orbit, | 1004 const uint8_t* primary_orbit, |
| 1002 scoped_refptr<QuicCryptoServerConfig::Config> requested_config, | 1005 scoped_refptr<QuicCryptoServerConfig::Config> requested_config, |
| 1003 scoped_refptr<QuicCryptoServerConfig::Config> primary_config, | 1006 scoped_refptr<QuicCryptoServerConfig::Config> primary_config, |
| 1004 QuicCryptoProof* crypto_proof, | 1007 QuicCryptoProof* crypto_proof, |
| 1005 ValidateClientHelloResultCallback::Result* client_hello_state, | 1008 std::unique_ptr<ValidateClientHelloResultCallback::Result> |
| 1009 client_hello_state, |
| 1006 ValidateClientHelloResultCallback* done_cb) | 1010 ValidateClientHelloResultCallback* done_cb) |
| 1007 : config_(config), | 1011 : config_(config), |
| 1008 found_error_(found_error), | 1012 found_error_(found_error), |
| 1009 server_ip_(server_ip), | 1013 server_ip_(server_ip), |
| 1010 version_(version), | 1014 version_(version), |
| 1011 primary_orbit_(primary_orbit), | 1015 primary_orbit_(primary_orbit), |
| 1012 requested_config_(std::move(requested_config)), | 1016 requested_config_(std::move(requested_config)), |
| 1013 primary_config_(std::move(primary_config)), | 1017 primary_config_(std::move(primary_config)), |
| 1014 crypto_proof_(crypto_proof), | 1018 crypto_proof_(crypto_proof), |
| 1015 client_hello_state_(client_hello_state), | 1019 client_hello_state_(std::move(client_hello_state)), |
| 1016 done_cb_(done_cb) {} | 1020 done_cb_(done_cb) {} |
| 1017 | 1021 |
| 1018 void Run(bool ok, | 1022 void Run(bool ok, |
| 1019 const scoped_refptr<ProofSource::Chain>& chain, | 1023 const scoped_refptr<ProofSource::Chain>& chain, |
| 1020 const string& signature, | 1024 const string& signature, |
| 1021 const string& leaf_cert_sct, | 1025 const string& leaf_cert_sct, |
| 1022 std::unique_ptr<ProofSource::Details> details) override { | 1026 std::unique_ptr<ProofSource::Details> details) override { |
| 1023 if (ok) { | 1027 if (ok) { |
| 1024 crypto_proof_->chain = chain; | 1028 crypto_proof_->chain = chain; |
| 1025 crypto_proof_->signature = signature; | 1029 crypto_proof_->signature = signature; |
| 1026 crypto_proof_->cert_sct = leaf_cert_sct; | 1030 crypto_proof_->cert_sct = leaf_cert_sct; |
| 1027 } | 1031 } |
| 1028 config_.EvaluateClientHelloAfterGetProof( | 1032 config_.EvaluateClientHelloAfterGetProof( |
| 1029 found_error_, server_ip_, version_, primary_orbit_, requested_config_, | 1033 found_error_, server_ip_, version_, primary_orbit_, requested_config_, |
| 1030 primary_config_, crypto_proof_, std::move(details), !ok, | 1034 primary_config_, crypto_proof_, std::move(details), !ok, |
| 1031 client_hello_state_, done_cb_); | 1035 std::move(client_hello_state_), done_cb_); |
| 1032 } | 1036 } |
| 1033 | 1037 |
| 1034 private: | 1038 private: |
| 1035 const QuicCryptoServerConfig& config_; | 1039 const QuicCryptoServerConfig& config_; |
| 1036 const bool found_error_; | 1040 const bool found_error_; |
| 1037 const IPAddress& server_ip_; | 1041 const IPAddress& server_ip_; |
| 1038 const QuicVersion version_; | 1042 const QuicVersion version_; |
| 1039 const uint8_t* primary_orbit_; | 1043 const uint8_t* primary_orbit_; |
| 1040 const scoped_refptr<QuicCryptoServerConfig::Config> requested_config_; | 1044 const scoped_refptr<QuicCryptoServerConfig::Config> requested_config_; |
| 1041 const scoped_refptr<QuicCryptoServerConfig::Config> primary_config_; | 1045 const scoped_refptr<QuicCryptoServerConfig::Config> primary_config_; |
| 1042 QuicCryptoProof* crypto_proof_; | 1046 QuicCryptoProof* crypto_proof_; |
| 1043 ValidateClientHelloResultCallback::Result* client_hello_state_; | 1047 std::unique_ptr<ValidateClientHelloResultCallback::Result> |
| 1048 client_hello_state_; |
| 1044 ValidateClientHelloResultCallback* done_cb_; | 1049 ValidateClientHelloResultCallback* done_cb_; |
| 1045 }; | 1050 }; |
| 1046 | 1051 |
| 1047 void QuicCryptoServerConfig::EvaluateClientHello( | 1052 void QuicCryptoServerConfig::EvaluateClientHello( |
| 1048 const IPAddress& server_ip, | 1053 const IPAddress& server_ip, |
| 1049 QuicVersion version, | 1054 QuicVersion version, |
| 1050 const uint8_t* primary_orbit, | 1055 const uint8_t* primary_orbit, |
| 1051 scoped_refptr<Config> requested_config, | 1056 scoped_refptr<Config> requested_config, |
| 1052 scoped_refptr<Config> primary_config, | 1057 scoped_refptr<Config> primary_config, |
| 1053 QuicCryptoProof* crypto_proof, | 1058 QuicCryptoProof* crypto_proof, |
| 1054 ValidateClientHelloResultCallback::Result* client_hello_state, | 1059 std::unique_ptr<ValidateClientHelloResultCallback::Result> |
| 1060 client_hello_state, |
| 1055 ValidateClientHelloResultCallback* done_cb) const { | 1061 ValidateClientHelloResultCallback* done_cb) const { |
| 1056 ValidateClientHelloHelper helper(client_hello_state, done_cb); | 1062 ValidateClientHelloHelper helper(&client_hello_state, done_cb); |
| 1057 | 1063 |
| 1058 const CryptoHandshakeMessage& client_hello = client_hello_state->client_hello; | 1064 const CryptoHandshakeMessage& client_hello = client_hello_state->client_hello; |
| 1059 ClientHelloInfo* info = &(client_hello_state->info); | 1065 ClientHelloInfo* info = &(client_hello_state->info); |
| 1060 | 1066 |
| 1061 if (client_hello.size() < kClientHelloMinimumSize) { | 1067 if (client_hello.size() < kClientHelloMinimumSize) { |
| 1062 helper.ValidationComplete(QUIC_CRYPTO_INVALID_VALUE_LENGTH, | 1068 helper.ValidationComplete(QUIC_CRYPTO_INVALID_VALUE_LENGTH, |
| 1063 "Client hello too small", nullptr); | 1069 "Client hello too small", nullptr); |
| 1064 return; | 1070 return; |
| 1065 } | 1071 } |
| 1066 | 1072 |
| (...skipping 57 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1124 bool need_proof = true; | 1130 bool need_proof = true; |
| 1125 need_proof = !crypto_proof->chain; | 1131 need_proof = !crypto_proof->chain; |
| 1126 if (FLAGS_enable_async_get_proof) { | 1132 if (FLAGS_enable_async_get_proof) { |
| 1127 if (need_proof) { | 1133 if (need_proof) { |
| 1128 // Make an async call to GetProof and setup the callback to trampoline | 1134 // Make an async call to GetProof and setup the callback to trampoline |
| 1129 // back into EvaluateClientHelloAfterGetProof | 1135 // back into EvaluateClientHelloAfterGetProof |
| 1130 std::unique_ptr<EvaluateClientHelloCallback> cb( | 1136 std::unique_ptr<EvaluateClientHelloCallback> cb( |
| 1131 new EvaluateClientHelloCallback( | 1137 new EvaluateClientHelloCallback( |
| 1132 *this, found_error, server_ip, version, primary_orbit, | 1138 *this, found_error, server_ip, version, primary_orbit, |
| 1133 requested_config, primary_config, crypto_proof, | 1139 requested_config, primary_config, crypto_proof, |
| 1134 client_hello_state, done_cb)); | 1140 std::move(client_hello_state), done_cb)); |
| 1135 proof_source_->GetProof(server_ip, info->sni.as_string(), | 1141 proof_source_->GetProof(server_ip, info->sni.as_string(), |
| 1136 serialized_config, version, chlo_hash, | 1142 serialized_config, version, chlo_hash, |
| 1137 std::move(cb)); | 1143 std::move(cb)); |
| 1138 helper.DetachCallback(); | 1144 helper.DetachCallback(); |
| 1139 return; | 1145 return; |
| 1140 } | 1146 } |
| 1141 } | 1147 } |
| 1142 | 1148 |
| 1143 // No need to get a new proof if one was already generated. | 1149 // No need to get a new proof if one was already generated. |
| 1144 if (need_proof && | 1150 if (need_proof && |
| 1145 !proof_source_->GetProof(server_ip, info->sni.as_string(), | 1151 !proof_source_->GetProof(server_ip, info->sni.as_string(), |
| 1146 serialized_config, version, chlo_hash, | 1152 serialized_config, version, chlo_hash, |
| 1147 &crypto_proof->chain, &crypto_proof->signature, | 1153 &crypto_proof->chain, &crypto_proof->signature, |
| 1148 &crypto_proof->cert_sct)) { | 1154 &crypto_proof->cert_sct)) { |
| 1149 get_proof_failed = true; | 1155 get_proof_failed = true; |
| 1150 } | 1156 } |
| 1151 | 1157 |
| 1152 // Details are null because the synchronous version of GetProof does not | 1158 // Details are null because the synchronous version of GetProof does not |
| 1153 // return any stats. Eventually the synchronous codepath will be eliminated. | 1159 // return any stats. Eventually the synchronous codepath will be eliminated. |
| 1154 EvaluateClientHelloAfterGetProof( | 1160 EvaluateClientHelloAfterGetProof( |
| 1155 found_error, server_ip, version, primary_orbit, requested_config, | 1161 found_error, server_ip, version, primary_orbit, requested_config, |
| 1156 primary_config, crypto_proof, nullptr /* proof_source_details */, | 1162 primary_config, crypto_proof, nullptr /* proof_source_details */, |
| 1157 get_proof_failed, client_hello_state, done_cb); | 1163 get_proof_failed, std::move(client_hello_state), done_cb); |
| 1158 helper.DetachCallback(); | 1164 helper.DetachCallback(); |
| 1159 } | 1165 } |
| 1160 | 1166 |
| 1161 void QuicCryptoServerConfig::EvaluateClientHelloAfterGetProof( | 1167 void QuicCryptoServerConfig::EvaluateClientHelloAfterGetProof( |
| 1162 bool found_error, | 1168 bool found_error, |
| 1163 const IPAddress& server_ip, | 1169 const IPAddress& server_ip, |
| 1164 QuicVersion version, | 1170 QuicVersion version, |
| 1165 const uint8_t* primary_orbit, | 1171 const uint8_t* primary_orbit, |
| 1166 scoped_refptr<Config> requested_config, | 1172 scoped_refptr<Config> requested_config, |
| 1167 scoped_refptr<Config> primary_config, | 1173 scoped_refptr<Config> primary_config, |
| 1168 QuicCryptoProof* crypto_proof, | 1174 QuicCryptoProof* crypto_proof, |
| 1169 std::unique_ptr<ProofSource::Details> proof_source_details, | 1175 std::unique_ptr<ProofSource::Details> proof_source_details, |
| 1170 bool get_proof_failed, | 1176 bool get_proof_failed, |
| 1171 ValidateClientHelloResultCallback::Result* client_hello_state, | 1177 std::unique_ptr<ValidateClientHelloResultCallback::Result> |
| 1178 client_hello_state, |
| 1172 ValidateClientHelloResultCallback* done_cb) const { | 1179 ValidateClientHelloResultCallback* done_cb) const { |
| 1173 ValidateClientHelloHelper helper(client_hello_state, done_cb); | 1180 ValidateClientHelloHelper helper(&client_hello_state, done_cb); |
| 1174 const CryptoHandshakeMessage& client_hello = client_hello_state->client_hello; | 1181 const CryptoHandshakeMessage& client_hello = client_hello_state->client_hello; |
| 1175 ClientHelloInfo* info = &(client_hello_state->info); | 1182 ClientHelloInfo* info = &(client_hello_state->info); |
| 1176 | 1183 |
| 1177 if (get_proof_failed) { | 1184 if (get_proof_failed) { |
| 1178 found_error = true; | 1185 found_error = true; |
| 1179 info->reject_reasons.push_back(SERVER_CONFIG_UNKNOWN_CONFIG_FAILURE); | 1186 info->reject_reasons.push_back(SERVER_CONFIG_UNKNOWN_CONFIG_FAILURE); |
| 1180 } | 1187 } |
| 1181 | 1188 |
| 1182 if (!ValidateExpectedLeafCertificate(client_hello, *crypto_proof)) { | 1189 if (!ValidateExpectedLeafCertificate(client_hello, *crypto_proof)) { |
| 1183 found_error = true; | 1190 found_error = true; |
| (...skipping 75 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1259 // Since neither are present, reject the handshake which will send a | 1266 // Since neither are present, reject the handshake which will send a |
| 1260 // server nonce to the client. | 1267 // server nonce to the client. |
| 1261 info->reject_reasons.push_back(SERVER_NONCE_REQUIRED_FAILURE); | 1268 info->reject_reasons.push_back(SERVER_NONCE_REQUIRED_FAILURE); |
| 1262 helper.ValidationComplete(QUIC_NO_ERROR, "", | 1269 helper.ValidationComplete(QUIC_NO_ERROR, "", |
| 1263 std::move(proof_source_details)); | 1270 std::move(proof_source_details)); |
| 1264 return; | 1271 return; |
| 1265 } | 1272 } |
| 1266 | 1273 |
| 1267 strike_register_client->VerifyNonceIsValidAndUnique( | 1274 strike_register_client->VerifyNonceIsValidAndUnique( |
| 1268 info->client_nonce, info->now, | 1275 info->client_nonce, info->now, |
| 1269 new VerifyNonceIsValidAndUniqueCallback( | 1276 new VerifyNonceIsValidAndUniqueCallback(std::move(client_hello_state), |
| 1270 client_hello_state, std::move(proof_source_details), done_cb)); | 1277 std::move(proof_source_details), |
| 1278 done_cb)); |
| 1271 helper.DetachCallback(); | 1279 helper.DetachCallback(); |
| 1272 } | 1280 } |
| 1273 | 1281 |
| 1274 bool QuicCryptoServerConfig::BuildServerConfigUpdateMessage( | 1282 bool QuicCryptoServerConfig::BuildServerConfigUpdateMessage( |
| 1275 QuicVersion version, | 1283 QuicVersion version, |
| 1276 StringPiece chlo_hash, | 1284 StringPiece chlo_hash, |
| 1277 const SourceAddressTokens& previous_source_address_tokens, | 1285 const SourceAddressTokens& previous_source_address_tokens, |
| 1278 const IPAddress& server_ip, | 1286 const IPAddress& server_ip, |
| 1279 const IPAddress& client_ip, | 1287 const IPAddress& client_ip, |
| 1280 const QuicClock* clock, | 1288 const QuicClock* clock, |
| (...skipping 786 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2067 priority(0), | 2075 priority(0), |
| 2068 source_address_token_boxer(nullptr) {} | 2076 source_address_token_boxer(nullptr) {} |
| 2069 | 2077 |
| 2070 QuicCryptoServerConfig::Config::~Config() { | 2078 QuicCryptoServerConfig::Config::~Config() { |
| 2071 base::STLDeleteElements(&key_exchanges); | 2079 base::STLDeleteElements(&key_exchanges); |
| 2072 } | 2080 } |
| 2073 | 2081 |
| 2074 QuicCryptoProof::QuicCryptoProof() {} | 2082 QuicCryptoProof::QuicCryptoProof() {} |
| 2075 QuicCryptoProof::~QuicCryptoProof() {} | 2083 QuicCryptoProof::~QuicCryptoProof() {} |
| 2076 } // namespace net | 2084 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2338013004:
Simplify lifetime management of ValidateClientHelloResultCallback::Result objects (Closed)
