Use refcounted ownership for ValidateClientHelloResultCallback::Result

net/quic/core/crypto/quic_crypto_server_config.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/quic/core/crypto/quic_crypto_server_config.h"
 
 #include <stdlib.h>
 
 #include <algorithm>
 #include <memory>
@@ skipping 63 matching lines @@
   if (ip.IsIPv4()) {
     return ConvertIPv4ToIPv4MappedIPv6(ip);
   }
   return ip;
 }
 
 }  // namespace
 
 class ValidateClientHelloHelper {
  public:
-  // Note: stores pointers to unique_ptrs, and std::moves the unique_ptrs when
+  // Note: stores a pointer to a unique_ptr, and std::moves the unique_ptr when
   // ValidationComplete is called.
   ValidateClientHelloHelper(
-      std::unique_ptr<ValidateClientHelloResultCallback::Result>* result,
+      scoped_refptr<ValidateClientHelloResultCallback::Result> result,
       std::unique_ptr<ValidateClientHelloResultCallback>* done_cb)
-      : result_(result), done_cb_(done_cb) {}
+      : result_(std::move(result)), done_cb_(done_cb) {}

[Ryan Hamilton, 2016/09/19 22:35:49]

ditto.

[Jana, 2016/09/20 21:28:52]

Acknowledged.

 
   ~ValidateClientHelloHelper() {
     QUIC_BUG_IF(done_cb_ != nullptr)
         << "Deleting ValidateClientHelloHelper with a pending callback.";
   }
 
   void ValidationComplete(
       QuicErrorCode error_code,
       const char* error_details,
       std::unique_ptr<ProofSource::Details> proof_source_details) {
-    (*result_)->error_code = error_code;
-    (*result_)->error_details = error_details;
-    (*done_cb_)->Run(std::move(*result_), std::move(proof_source_details));
+    result_->error_code = error_code;
+    result_->error_details = error_details;
+    (*done_cb_)->Run(std::move(result_), std::move(proof_source_details));
     DetachCallback();
   }
 
   void DetachCallback() {
     QUIC_BUG_IF(done_cb_ == nullptr) << "Callback already detached.";
     done_cb_ = nullptr;
   }
 
  private:
-  std::unique_ptr<ValidateClientHelloResultCallback::Result>* result_;
+  scoped_refptr<ValidateClientHelloResultCallback::Result> result_;
   std::unique_ptr<ValidateClientHelloResultCallback>* done_cb_;
 
   DISALLOW_COPY_AND_ASSIGN(ValidateClientHelloHelper);
 };
 
 class VerifyNonceIsValidAndUniqueCallback
     : public StrikeRegisterClient::ResultCallback {
  public:
   VerifyNonceIsValidAndUniqueCallback(
-      std::unique_ptr<ValidateClientHelloResultCallback::Result> result,
+      scoped_refptr<ValidateClientHelloResultCallback::Result> result,
       std::unique_ptr<ProofSource::Details> proof_source_details,
       std::unique_ptr<ValidateClientHelloResultCallback> done_cb)
       : result_(std::move(result)),
         proof_source_details_(std::move(proof_source_details)),
         done_cb_(std::move(done_cb)) {}
 
  protected:
   void RunImpl(bool nonce_is_valid_and_unique,
                InsertStatus nonce_error) override {
     DVLOG(1) << "Using client nonce, unique: " << nonce_is_valid_and_unique
@@ skipping 23 matching lines @@
           client_nonce_error = CLIENT_NONCE_UNKNOWN_FAILURE;
           break;
         case NONCE_OK:
         default:
           QUIC_BUG << "Unexpected client nonce error: " << nonce_error;
           client_nonce_error = CLIENT_NONCE_UNKNOWN_FAILURE;
           break;
       }
       result_->info.reject_reasons.push_back(client_nonce_error);
     }
-    done_cb_->Run(std::move(result_), std::move(proof_source_details_));
+    done_cb_->Run(result_, std::move(proof_source_details_));
   }
 
  private:
-  std::unique_ptr<ValidateClientHelloResultCallback::Result> result_;
+  scoped_refptr<ValidateClientHelloResultCallback::Result> result_;
   std::unique_ptr<ProofSource::Details> proof_source_details_;
   std::unique_ptr<ValidateClientHelloResultCallback> done_cb_;
 
   DISALLOW_COPY_AND_ASSIGN(VerifyNonceIsValidAndUniqueCallback);
 };
 
 // static
 const char QuicCryptoServerConfig::TESTING[] = "secret string for testing";
 
 ClientHelloInfo::ClientHelloInfo(const IPAddress& in_client_ip,
@@ skipping 315 matching lines @@
 void QuicCryptoServerConfig::ValidateClientHello(
     const CryptoHandshakeMessage& client_hello,
     const IPAddress& client_ip,
     const IPAddress& server_ip,
     QuicVersion version,
     const QuicClock* clock,
     QuicCryptoProof* crypto_proof,
     std::unique_ptr<ValidateClientHelloResultCallback> done_cb) const {
   const QuicWallTime now(clock->WallNow());
 
-  std::unique_ptr<ValidateClientHelloResultCallback::Result> result(
+  scoped_refptr<ValidateClientHelloResultCallback::Result> result(
       new ValidateClientHelloResultCallback::Result(client_hello, client_ip,
                                                     now));
 
   StringPiece requested_scid;
   client_hello.GetStringPiece(kSCID, &requested_scid);
 
   uint8_t primary_orbit[kOrbitSize];
   scoped_refptr<Config> requested_config;
   scoped_refptr<Config> primary_config;
   {
@@ skipping 20 matching lines @@
 
   if (result->error_code == QUIC_NO_ERROR) {
     if (version > QUIC_VERSION_30) {
       // QUIC v31 and above require a new proof for each CHLO so clear the
       // existing proof, if any.
       crypto_proof->chain = nullptr;
       crypto_proof->signature = "";
       crypto_proof->cert_sct = "";
     }
     EvaluateClientHello(server_ip, version, primary_orbit, requested_config,
-                        primary_config, crypto_proof, std::move(result),
+                        primary_config, crypto_proof, result,
                         std::move(done_cb));
   } else {
-    done_cb->Run(std::move(result), /* details = */ nullptr);
+    done_cb->Run(result, /* details = */ nullptr);
   }
 }
 
 QuicErrorCode QuicCryptoServerConfig::ProcessClientHello(
-    const ValidateClientHelloResultCallback::Result& validate_chlo_result,
+    scoped_refptr<ValidateClientHelloResultCallback::Result>
+        validate_chlo_result,
     bool reject_only,
     QuicConnectionId connection_id,
     const IPAddress& server_ip,
     const IPEndPoint& client_address,
     QuicVersion version,
     const QuicVersionVector& supported_versions,
     bool use_stateless_rejects,
     QuicConnectionId server_designated_connection_id,
     const QuicClock* clock,
     QuicRandom* rand,
     QuicCompressedCertsCache* compressed_certs_cache,
     QuicCryptoNegotiatedParameters* params,
     QuicCryptoProof* crypto_proof,
     QuicByteCount total_framing_overhead,
     QuicByteCount chlo_packet_size,
     CryptoHandshakeMessage* out,
     DiversificationNonce* out_diversification_nonce,
     string* error_details) const {
   DCHECK(error_details);
 
   const CryptoHandshakeMessage& client_hello =
-      validate_chlo_result.client_hello;
-  const ClientHelloInfo& info = validate_chlo_result.info;
+      validate_chlo_result->client_hello;
+  const ClientHelloInfo& info = validate_chlo_result->info;
 
   QuicErrorCode valid = CryptoUtils::ValidateClientHello(
       client_hello, version, supported_versions, error_details);
   if (valid != QUIC_NO_ERROR)
     return valid;
 
   StringPiece requested_scid;
   client_hello.GetStringPiece(kSCID, &requested_scid);
   const QuicWallTime now(clock->WallNow());
 
@@ skipping 13 matching lines @@
       DCHECK(primary_config_.get());
       DCHECK_EQ(configs_.find(primary_config_->id)->second, primary_config_);
     }
 
     // Use the config that the client requested in order to do key-agreement.
     // Otherwise give it a copy of |primary_config_| to use.
     primary_config = crypto_proof->config;
     requested_config = GetConfigWithScid(requested_scid);
   }
 
-  if (validate_chlo_result.error_code != QUIC_NO_ERROR) {
-    *error_details = validate_chlo_result.error_details;
-    return validate_chlo_result.error_code;
+  if (validate_chlo_result->error_code != QUIC_NO_ERROR) {
+    *error_details = validate_chlo_result->error_details;
+    return validate_chlo_result->error_code;
   }
 
   out->Clear();
 
   if (!ClientDemandsX509Proof(client_hello)) {
     *error_details = "Missing or invalid PDMD";
     return QUIC_UNSUPPORTED_PROOF_DEMAND;
   }
   DCHECK(proof_source_.get());
   string chlo_hash;
   CryptoUtils::HashHandshakeMessage(client_hello, &chlo_hash);
   // No need to get a new proof if one was already generated.
   if (!crypto_proof->chain &&
       !proof_source_->GetProof(server_ip, info.sni.as_string(),
                                primary_config->serialized, version, chlo_hash,
                                &crypto_proof->chain, &crypto_proof->signature,
                                &crypto_proof->cert_sct)) {
     return QUIC_HANDSHAKE_FAILED;
   }
 
   StringPiece cert_sct;
   if (client_hello.GetStringPiece(kCertificateSCTTag, &cert_sct) &&
       cert_sct.empty()) {
     params->sct_supported_by_client = true;
   }
 
   if (!info.reject_reasons.empty() || !requested_config.get()) {
     BuildRejection(version, clock->WallNow(), *primary_config, client_hello,
-                   info, validate_chlo_result.cached_network_params,
+                   info, validate_chlo_result->cached_network_params,
                    use_stateless_rejects, server_designated_connection_id, rand,
                    compressed_certs_cache, params, *crypto_proof,
                    total_framing_overhead, chlo_packet_size, out);
     return QUIC_NO_ERROR;
   }
 
   if (reject_only) {
     return QUIC_NO_ERROR;
   }
 
@@ skipping 133 matching lines @@
       params->channel_id = key.as_string();
     }
   }
 
   string hkdf_input;
   size_t label_len = strlen(QuicCryptoConfig::kInitialLabel) + 1;
   hkdf_input.reserve(label_len + hkdf_suffix.size());
   hkdf_input.append(QuicCryptoConfig::kInitialLabel, label_len);
   hkdf_input.append(hkdf_suffix);
 
-  string* subkey_secret = &params->initial_subkey_secret;
   CryptoUtils::Diversification diversification =
       CryptoUtils::Diversification::Never();
   if (version > QUIC_VERSION_32) {
     rand->RandBytes(out_diversification_nonce->data(),
                     out_diversification_nonce->size());
     diversification =
         CryptoUtils::Diversification::Now(out_diversification_nonce);
   }
 
   if (!CryptoUtils::DeriveKeys(params->initial_premaster_secret, params->aead,
                                info.client_nonce, info.server_nonce, hkdf_input,
                                Perspective::IS_SERVER, diversification,
-                               &params->initial_crypters, subkey_secret)) {
+                               &params->initial_crypters,
+                               &params->initial_subkey_secret)) {
     *error_details = "Symmetric key setup failed";
     return QUIC_CRYPTO_SYMMETRIC_KEY_SETUP_FAILED;
   }
 
   string forward_secure_public_value;
   if (ephemeral_key_source_.get()) {
     params->forward_secure_premaster_secret =
         ephemeral_key_source_->CalculateForwardSecureKey(
             key_exchange, rand, clock->ApproximateNow(), public_value,
             &forward_secure_public_value);
@@ skipping 162 matching lines @@
            << QuicUtils::HexEncode(
                   reinterpret_cast<const char*>(primary_config_->orbit),
                   kOrbitSize)
            << " scid: " << QuicUtils::HexEncode(primary_config_->id);
   next_config_promotion_time_ = QuicWallTime::Zero();
   if (primary_config_changed_cb_.get() != nullptr) {
     primary_config_changed_cb_->Run(primary_config_->id);
   }
 }
 
-class EvaluateClientHelloCallback : public ProofSource::Callback {
+class QuicCryptoServerConfig::EvaluateClientHelloCallback
+    : public ProofSource::Callback {
  public:
   EvaluateClientHelloCallback(
       const QuicCryptoServerConfig& config,
       bool found_error,
       const IPAddress& server_ip,
       QuicVersion version,
       const uint8_t* primary_orbit,
       scoped_refptr<QuicCryptoServerConfig::Config> requested_config,
       scoped_refptr<QuicCryptoServerConfig::Config> primary_config,
       QuicCryptoProof* crypto_proof,
-      std::unique_ptr<ValidateClientHelloResultCallback::Result>
+      scoped_refptr<ValidateClientHelloResultCallback::Result>
           client_hello_state,
       std::unique_ptr<ValidateClientHelloResultCallback> done_cb)
       : config_(config),
         found_error_(found_error),
         server_ip_(server_ip),
         version_(version),
         primary_orbit_(primary_orbit),
         requested_config_(std::move(requested_config)),
         primary_config_(std::move(primary_config)),
         crypto_proof_(crypto_proof),
@@ skipping 18 matching lines @@
 
  private:
   const QuicCryptoServerConfig& config_;
   const bool found_error_;
   const IPAddress& server_ip_;
   const QuicVersion version_;
   const uint8_t* primary_orbit_;
   const scoped_refptr<QuicCryptoServerConfig::Config> requested_config_;
   const scoped_refptr<QuicCryptoServerConfig::Config> primary_config_;
   QuicCryptoProof* crypto_proof_;
-  std::unique_ptr<ValidateClientHelloResultCallback::Result>
-      client_hello_state_;
+  scoped_refptr<ValidateClientHelloResultCallback::Result> client_hello_state_;
   std::unique_ptr<ValidateClientHelloResultCallback> done_cb_;
 };
 
 void QuicCryptoServerConfig::EvaluateClientHello(
     const IPAddress& server_ip,
     QuicVersion version,
     const uint8_t* primary_orbit,
     scoped_refptr<Config> requested_config,
     scoped_refptr<Config> primary_config,
     QuicCryptoProof* crypto_proof,
-    std::unique_ptr<ValidateClientHelloResultCallback::Result>
-        client_hello_state,
+    scoped_refptr<ValidateClientHelloResultCallback::Result> client_hello_state,
     std::unique_ptr<ValidateClientHelloResultCallback> done_cb) const {
-  ValidateClientHelloHelper helper(&client_hello_state, &done_cb);
+  ValidateClientHelloHelper helper(client_hello_state, &done_cb);
 
   const CryptoHandshakeMessage& client_hello = client_hello_state->client_hello;
   ClientHelloInfo* info = &(client_hello_state->info);
 
   if (client_hello.size() < kClientHelloMinimumSize) {
     helper.ValidationComplete(QUIC_CRYPTO_INVALID_VALUE_LENGTH,
                               "Client hello too small", nullptr);
     return;
   }
 
@@ skipping 94 matching lines @@
 void QuicCryptoServerConfig::EvaluateClientHelloAfterGetProof(
     bool found_error,
     const IPAddress& server_ip,
     QuicVersion version,
     const uint8_t* primary_orbit,
     scoped_refptr<Config> requested_config,
     scoped_refptr<Config> primary_config,
     QuicCryptoProof* crypto_proof,
     std::unique_ptr<ProofSource::Details> proof_source_details,
     bool get_proof_failed,
-    std::unique_ptr<ValidateClientHelloResultCallback::Result>
-        client_hello_state,
+    scoped_refptr<ValidateClientHelloResultCallback::Result> client_hello_state,
     std::unique_ptr<ValidateClientHelloResultCallback> done_cb) const {
-  ValidateClientHelloHelper helper(&client_hello_state, &done_cb);
+  ValidateClientHelloHelper helper(client_hello_state, &done_cb);
   const CryptoHandshakeMessage& client_hello = client_hello_state->client_hello;
   ClientHelloInfo* info = &(client_hello_state->info);
 
   if (get_proof_failed) {
     found_error = true;
     info->reject_reasons.push_back(SERVER_CONFIG_UNKNOWN_CONFIG_FAILURE);
   }
 
   if (!ValidateExpectedLeafCertificate(client_hello, *crypto_proof)) {
     found_error = true;
@@ skipping 884 matching lines @@
       priority(0),
       source_address_token_boxer(nullptr) {}
 
 QuicCryptoServerConfig::Config::~Config() {
   base::STLDeleteElements(&key_exchanges);
 }
 
 QuicCryptoProof::QuicCryptoProof() {}
 QuicCryptoProof::~QuicCryptoProof() {}
 }  // namespace net