| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/quic/core/crypto/quic_crypto_server_config.h" | 5 #include "net/quic/core/crypto/quic_crypto_server_config.h" |
| 6 | 6 |
| 7 #include <stdlib.h> | 7 #include <stdlib.h> |
| 8 | 8 |
| 9 #include <algorithm> | 9 #include <algorithm> |
| 10 #include <memory> | 10 #include <memory> |
| (...skipping 63 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 74 if (ip.IsIPv4()) { | 74 if (ip.IsIPv4()) { |
| 75 return ConvertIPv4ToIPv4MappedIPv6(ip); | 75 return ConvertIPv4ToIPv4MappedIPv6(ip); |
| 76 } | 76 } |
| 77 return ip; | 77 return ip; |
| 78 } | 78 } |
| 79 | 79 |
| 80 } // namespace | 80 } // namespace |
| 81 | 81 |
| 82 class ValidateClientHelloHelper { | 82 class ValidateClientHelloHelper { |
| 83 public: | 83 public: |
| 84 // Note: stores pointers to unique_ptrs, and std::moves the unique_ptrs when | 84 // Note: stores a pointer to a unique_ptr, and std::moves the unique_ptr when |
| 85 // ValidationComplete is called. | 85 // ValidationComplete is called. |
| 86 ValidateClientHelloHelper( | 86 ValidateClientHelloHelper( |
| 87 std::unique_ptr<ValidateClientHelloResultCallback::Result>* result, | 87 scoped_refptr<ValidateClientHelloResultCallback::Result> result, |
| 88 std::unique_ptr<ValidateClientHelloResultCallback>* done_cb) | 88 std::unique_ptr<ValidateClientHelloResultCallback>* done_cb) |
| 89 : result_(result), done_cb_(done_cb) {} | 89 : result_(std::move(result)), done_cb_(done_cb) {} |
| 90 | 90 |
| 91 ~ValidateClientHelloHelper() { | 91 ~ValidateClientHelloHelper() { |
| 92 QUIC_BUG_IF(done_cb_ != nullptr) | 92 QUIC_BUG_IF(done_cb_ != nullptr) |
| 93 << "Deleting ValidateClientHelloHelper with a pending callback."; | 93 << "Deleting ValidateClientHelloHelper with a pending callback."; |
| 94 } | 94 } |
| 95 | 95 |
| 96 void ValidationComplete( | 96 void ValidationComplete( |
| 97 QuicErrorCode error_code, | 97 QuicErrorCode error_code, |
| 98 const char* error_details, | 98 const char* error_details, |
| 99 std::unique_ptr<ProofSource::Details> proof_source_details) { | 99 std::unique_ptr<ProofSource::Details> proof_source_details) { |
| 100 (*result_)->error_code = error_code; | 100 result_->error_code = error_code; |
| 101 (*result_)->error_details = error_details; | 101 result_->error_details = error_details; |
| 102 (*done_cb_)->Run(std::move(*result_), std::move(proof_source_details)); | 102 (*done_cb_)->Run(std::move(result_), std::move(proof_source_details)); |
| 103 DetachCallback(); | 103 DetachCallback(); |
| 104 } | 104 } |
| 105 | 105 |
| 106 void DetachCallback() { | 106 void DetachCallback() { |
| 107 QUIC_BUG_IF(done_cb_ == nullptr) << "Callback already detached."; | 107 QUIC_BUG_IF(done_cb_ == nullptr) << "Callback already detached."; |
| 108 done_cb_ = nullptr; | 108 done_cb_ = nullptr; |
| 109 } | 109 } |
| 110 | 110 |
| 111 private: | 111 private: |
| 112 std::unique_ptr<ValidateClientHelloResultCallback::Result>* result_; | 112 scoped_refptr<ValidateClientHelloResultCallback::Result> result_; |
| 113 std::unique_ptr<ValidateClientHelloResultCallback>* done_cb_; | 113 std::unique_ptr<ValidateClientHelloResultCallback>* done_cb_; |
| 114 | 114 |
| 115 DISALLOW_COPY_AND_ASSIGN(ValidateClientHelloHelper); | 115 DISALLOW_COPY_AND_ASSIGN(ValidateClientHelloHelper); |
| 116 }; | 116 }; |
| 117 | 117 |
| 118 class VerifyNonceIsValidAndUniqueCallback | 118 class VerifyNonceIsValidAndUniqueCallback |
| 119 : public StrikeRegisterClient::ResultCallback { | 119 : public StrikeRegisterClient::ResultCallback { |
| 120 public: | 120 public: |
| 121 VerifyNonceIsValidAndUniqueCallback( | 121 VerifyNonceIsValidAndUniqueCallback( |
| 122 std::unique_ptr<ValidateClientHelloResultCallback::Result> result, | 122 scoped_refptr<ValidateClientHelloResultCallback::Result> result, |
| 123 std::unique_ptr<ProofSource::Details> proof_source_details, | 123 std::unique_ptr<ProofSource::Details> proof_source_details, |
| 124 std::unique_ptr<ValidateClientHelloResultCallback> done_cb) | 124 std::unique_ptr<ValidateClientHelloResultCallback> done_cb) |
| 125 : result_(std::move(result)), | 125 : result_(std::move(result)), |
| 126 proof_source_details_(std::move(proof_source_details)), | 126 proof_source_details_(std::move(proof_source_details)), |
| 127 done_cb_(std::move(done_cb)) {} | 127 done_cb_(std::move(done_cb)) {} |
| 128 | 128 |
| 129 protected: | 129 protected: |
| 130 void RunImpl(bool nonce_is_valid_and_unique, | 130 void RunImpl(bool nonce_is_valid_and_unique, |
| 131 InsertStatus nonce_error) override { | 131 InsertStatus nonce_error) override { |
| 132 DVLOG(1) << "Using client nonce, unique: " << nonce_is_valid_and_unique | 132 DVLOG(1) << "Using client nonce, unique: " << nonce_is_valid_and_unique |
| (...skipping 23 matching lines...) Expand all Loading... |
| 156 client_nonce_error = CLIENT_NONCE_UNKNOWN_FAILURE; | 156 client_nonce_error = CLIENT_NONCE_UNKNOWN_FAILURE; |
| 157 break; | 157 break; |
| 158 case NONCE_OK: | 158 case NONCE_OK: |
| 159 default: | 159 default: |
| 160 QUIC_BUG << "Unexpected client nonce error: " << nonce_error; | 160 QUIC_BUG << "Unexpected client nonce error: " << nonce_error; |
| 161 client_nonce_error = CLIENT_NONCE_UNKNOWN_FAILURE; | 161 client_nonce_error = CLIENT_NONCE_UNKNOWN_FAILURE; |
| 162 break; | 162 break; |
| 163 } | 163 } |
| 164 result_->info.reject_reasons.push_back(client_nonce_error); | 164 result_->info.reject_reasons.push_back(client_nonce_error); |
| 165 } | 165 } |
| 166 done_cb_->Run(std::move(result_), std::move(proof_source_details_)); | 166 done_cb_->Run(result_, std::move(proof_source_details_)); |
| 167 } | 167 } |
| 168 | 168 |
| 169 private: | 169 private: |
| 170 std::unique_ptr<ValidateClientHelloResultCallback::Result> result_; | 170 scoped_refptr<ValidateClientHelloResultCallback::Result> result_; |
| 171 std::unique_ptr<ProofSource::Details> proof_source_details_; | 171 std::unique_ptr<ProofSource::Details> proof_source_details_; |
| 172 std::unique_ptr<ValidateClientHelloResultCallback> done_cb_; | 172 std::unique_ptr<ValidateClientHelloResultCallback> done_cb_; |
| 173 | 173 |
| 174 DISALLOW_COPY_AND_ASSIGN(VerifyNonceIsValidAndUniqueCallback); | 174 DISALLOW_COPY_AND_ASSIGN(VerifyNonceIsValidAndUniqueCallback); |
| 175 }; | 175 }; |
| 176 | 176 |
| 177 // static | 177 // static |
| 178 const char QuicCryptoServerConfig::TESTING[] = "secret string for testing"; | 178 const char QuicCryptoServerConfig::TESTING[] = "secret string for testing"; |
| 179 | 179 |
| 180 ClientHelloInfo::ClientHelloInfo(const IPAddress& in_client_ip, | 180 ClientHelloInfo::ClientHelloInfo(const IPAddress& in_client_ip, |
| (...skipping 315 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 496 void QuicCryptoServerConfig::ValidateClientHello( | 496 void QuicCryptoServerConfig::ValidateClientHello( |
| 497 const CryptoHandshakeMessage& client_hello, | 497 const CryptoHandshakeMessage& client_hello, |
| 498 const IPAddress& client_ip, | 498 const IPAddress& client_ip, |
| 499 const IPAddress& server_ip, | 499 const IPAddress& server_ip, |
| 500 QuicVersion version, | 500 QuicVersion version, |
| 501 const QuicClock* clock, | 501 const QuicClock* clock, |
| 502 QuicCryptoProof* crypto_proof, | 502 QuicCryptoProof* crypto_proof, |
| 503 std::unique_ptr<ValidateClientHelloResultCallback> done_cb) const { | 503 std::unique_ptr<ValidateClientHelloResultCallback> done_cb) const { |
| 504 const QuicWallTime now(clock->WallNow()); | 504 const QuicWallTime now(clock->WallNow()); |
| 505 | 505 |
| 506 std::unique_ptr<ValidateClientHelloResultCallback::Result> result( | 506 scoped_refptr<ValidateClientHelloResultCallback::Result> result( |
| 507 new ValidateClientHelloResultCallback::Result(client_hello, client_ip, | 507 new ValidateClientHelloResultCallback::Result(client_hello, client_ip, |
| 508 now)); | 508 now)); |
| 509 | 509 |
| 510 StringPiece requested_scid; | 510 StringPiece requested_scid; |
| 511 client_hello.GetStringPiece(kSCID, &requested_scid); | 511 client_hello.GetStringPiece(kSCID, &requested_scid); |
| 512 | 512 |
| 513 uint8_t primary_orbit[kOrbitSize]; | 513 uint8_t primary_orbit[kOrbitSize]; |
| 514 scoped_refptr<Config> requested_config; | 514 scoped_refptr<Config> requested_config; |
| 515 scoped_refptr<Config> primary_config; | 515 scoped_refptr<Config> primary_config; |
| 516 { | 516 { |
| (...skipping 20 matching lines...) Expand all Loading... |
| 537 | 537 |
| 538 if (result->error_code == QUIC_NO_ERROR) { | 538 if (result->error_code == QUIC_NO_ERROR) { |
| 539 if (version > QUIC_VERSION_30) { | 539 if (version > QUIC_VERSION_30) { |
| 540 // QUIC v31 and above require a new proof for each CHLO so clear the | 540 // QUIC v31 and above require a new proof for each CHLO so clear the |
| 541 // existing proof, if any. | 541 // existing proof, if any. |
| 542 crypto_proof->chain = nullptr; | 542 crypto_proof->chain = nullptr; |
| 543 crypto_proof->signature = ""; | 543 crypto_proof->signature = ""; |
| 544 crypto_proof->cert_sct = ""; | 544 crypto_proof->cert_sct = ""; |
| 545 } | 545 } |
| 546 EvaluateClientHello(server_ip, version, primary_orbit, requested_config, | 546 EvaluateClientHello(server_ip, version, primary_orbit, requested_config, |
| 547 primary_config, crypto_proof, std::move(result), | 547 primary_config, crypto_proof, result, |
| 548 std::move(done_cb)); | 548 std::move(done_cb)); |
| 549 } else { | 549 } else { |
| 550 done_cb->Run(std::move(result), /* details = */ nullptr); | 550 done_cb->Run(result, /* details = */ nullptr); |
| 551 } | 551 } |
| 552 } | 552 } |
| 553 | 553 |
| 554 QuicErrorCode QuicCryptoServerConfig::ProcessClientHello( | 554 QuicErrorCode QuicCryptoServerConfig::ProcessClientHello( |
| 555 const ValidateClientHelloResultCallback::Result& validate_chlo_result, | 555 scoped_refptr<ValidateClientHelloResultCallback::Result> |
| 556 validate_chlo_result, |
| 556 bool reject_only, | 557 bool reject_only, |
| 557 QuicConnectionId connection_id, | 558 QuicConnectionId connection_id, |
| 558 const IPAddress& server_ip, | 559 const IPAddress& server_ip, |
| 559 const IPEndPoint& client_address, | 560 const IPEndPoint& client_address, |
| 560 QuicVersion version, | 561 QuicVersion version, |
| 561 const QuicVersionVector& supported_versions, | 562 const QuicVersionVector& supported_versions, |
| 562 bool use_stateless_rejects, | 563 bool use_stateless_rejects, |
| 563 QuicConnectionId server_designated_connection_id, | 564 QuicConnectionId server_designated_connection_id, |
| 564 const QuicClock* clock, | 565 const QuicClock* clock, |
| 565 QuicRandom* rand, | 566 QuicRandom* rand, |
| 566 QuicCompressedCertsCache* compressed_certs_cache, | 567 QuicCompressedCertsCache* compressed_certs_cache, |
| 567 QuicCryptoNegotiatedParameters* params, | 568 QuicCryptoNegotiatedParameters* params, |
| 568 QuicCryptoProof* crypto_proof, | 569 QuicCryptoProof* crypto_proof, |
| 569 QuicByteCount total_framing_overhead, | 570 QuicByteCount total_framing_overhead, |
| 570 QuicByteCount chlo_packet_size, | 571 QuicByteCount chlo_packet_size, |
| 571 CryptoHandshakeMessage* out, | 572 CryptoHandshakeMessage* out, |
| 572 DiversificationNonce* out_diversification_nonce, | 573 DiversificationNonce* out_diversification_nonce, |
| 573 string* error_details) const { | 574 string* error_details) const { |
| 574 DCHECK(error_details); | 575 DCHECK(error_details); |
| 575 | 576 |
| 576 const CryptoHandshakeMessage& client_hello = | 577 const CryptoHandshakeMessage& client_hello = |
| 577 validate_chlo_result.client_hello; | 578 validate_chlo_result->client_hello; |
| 578 const ClientHelloInfo& info = validate_chlo_result.info; | 579 const ClientHelloInfo& info = validate_chlo_result->info; |
| 579 | 580 |
| 580 QuicErrorCode valid = CryptoUtils::ValidateClientHello( | 581 QuicErrorCode valid = CryptoUtils::ValidateClientHello( |
| 581 client_hello, version, supported_versions, error_details); | 582 client_hello, version, supported_versions, error_details); |
| 582 if (valid != QUIC_NO_ERROR) | 583 if (valid != QUIC_NO_ERROR) |
| 583 return valid; | 584 return valid; |
| 584 | 585 |
| 585 StringPiece requested_scid; | 586 StringPiece requested_scid; |
| 586 client_hello.GetStringPiece(kSCID, &requested_scid); | 587 client_hello.GetStringPiece(kSCID, &requested_scid); |
| 587 const QuicWallTime now(clock->WallNow()); | 588 const QuicWallTime now(clock->WallNow()); |
| 588 | 589 |
| (...skipping 13 matching lines...) Expand all Loading... |
| 602 DCHECK(primary_config_.get()); | 603 DCHECK(primary_config_.get()); |
| 603 DCHECK_EQ(configs_.find(primary_config_->id)->second, primary_config_); | 604 DCHECK_EQ(configs_.find(primary_config_->id)->second, primary_config_); |
| 604 } | 605 } |
| 605 | 606 |
| 606 // Use the config that the client requested in order to do key-agreement. | 607 // Use the config that the client requested in order to do key-agreement. |
| 607 // Otherwise give it a copy of |primary_config_| to use. | 608 // Otherwise give it a copy of |primary_config_| to use. |
| 608 primary_config = crypto_proof->config; | 609 primary_config = crypto_proof->config; |
| 609 requested_config = GetConfigWithScid(requested_scid); | 610 requested_config = GetConfigWithScid(requested_scid); |
| 610 } | 611 } |
| 611 | 612 |
| 612 if (validate_chlo_result.error_code != QUIC_NO_ERROR) { | 613 if (validate_chlo_result->error_code != QUIC_NO_ERROR) { |
| 613 *error_details = validate_chlo_result.error_details; | 614 *error_details = validate_chlo_result->error_details; |
| 614 return validate_chlo_result.error_code; | 615 return validate_chlo_result->error_code; |
| 615 } | 616 } |
| 616 | 617 |
| 617 out->Clear(); | 618 out->Clear(); |
| 618 | 619 |
| 619 if (!ClientDemandsX509Proof(client_hello)) { | 620 if (!ClientDemandsX509Proof(client_hello)) { |
| 620 *error_details = "Missing or invalid PDMD"; | 621 *error_details = "Missing or invalid PDMD"; |
| 621 return QUIC_UNSUPPORTED_PROOF_DEMAND; | 622 return QUIC_UNSUPPORTED_PROOF_DEMAND; |
| 622 } | 623 } |
| 623 DCHECK(proof_source_.get()); | 624 DCHECK(proof_source_.get()); |
| 624 string chlo_hash; | 625 string chlo_hash; |
| 625 CryptoUtils::HashHandshakeMessage(client_hello, &chlo_hash); | 626 CryptoUtils::HashHandshakeMessage(client_hello, &chlo_hash); |
| 626 // No need to get a new proof if one was already generated. | 627 // No need to get a new proof if one was already generated. |
| 627 if (!crypto_proof->chain && | 628 if (!crypto_proof->chain && |
| 628 !proof_source_->GetProof(server_ip, info.sni.as_string(), | 629 !proof_source_->GetProof(server_ip, info.sni.as_string(), |
| 629 primary_config->serialized, version, chlo_hash, | 630 primary_config->serialized, version, chlo_hash, |
| 630 &crypto_proof->chain, &crypto_proof->signature, | 631 &crypto_proof->chain, &crypto_proof->signature, |
| 631 &crypto_proof->cert_sct)) { | 632 &crypto_proof->cert_sct)) { |
| 632 return QUIC_HANDSHAKE_FAILED; | 633 return QUIC_HANDSHAKE_FAILED; |
| 633 } | 634 } |
| 634 | 635 |
| 635 StringPiece cert_sct; | 636 StringPiece cert_sct; |
| 636 if (client_hello.GetStringPiece(kCertificateSCTTag, &cert_sct) && | 637 if (client_hello.GetStringPiece(kCertificateSCTTag, &cert_sct) && |
| 637 cert_sct.empty()) { | 638 cert_sct.empty()) { |
| 638 params->sct_supported_by_client = true; | 639 params->sct_supported_by_client = true; |
| 639 } | 640 } |
| 640 | 641 |
| 641 if (!info.reject_reasons.empty() || !requested_config.get()) { | 642 if (!info.reject_reasons.empty() || !requested_config.get()) { |
| 642 BuildRejection(version, clock->WallNow(), *primary_config, client_hello, | 643 BuildRejection(version, clock->WallNow(), *primary_config, client_hello, |
| 643 info, validate_chlo_result.cached_network_params, | 644 info, validate_chlo_result->cached_network_params, |
| 644 use_stateless_rejects, server_designated_connection_id, rand, | 645 use_stateless_rejects, server_designated_connection_id, rand, |
| 645 compressed_certs_cache, params, *crypto_proof, | 646 compressed_certs_cache, params, *crypto_proof, |
| 646 total_framing_overhead, chlo_packet_size, out); | 647 total_framing_overhead, chlo_packet_size, out); |
| 647 return QUIC_NO_ERROR; | 648 return QUIC_NO_ERROR; |
| 648 } | 649 } |
| 649 | 650 |
| 650 if (reject_only) { | 651 if (reject_only) { |
| 651 return QUIC_NO_ERROR; | 652 return QUIC_NO_ERROR; |
| 652 } | 653 } |
| 653 | 654 |
| (...skipping 133 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 787 params->channel_id = key.as_string(); | 788 params->channel_id = key.as_string(); |
| 788 } | 789 } |
| 789 } | 790 } |
| 790 | 791 |
| 791 string hkdf_input; | 792 string hkdf_input; |
| 792 size_t label_len = strlen(QuicCryptoConfig::kInitialLabel) + 1; | 793 size_t label_len = strlen(QuicCryptoConfig::kInitialLabel) + 1; |
| 793 hkdf_input.reserve(label_len + hkdf_suffix.size()); | 794 hkdf_input.reserve(label_len + hkdf_suffix.size()); |
| 794 hkdf_input.append(QuicCryptoConfig::kInitialLabel, label_len); | 795 hkdf_input.append(QuicCryptoConfig::kInitialLabel, label_len); |
| 795 hkdf_input.append(hkdf_suffix); | 796 hkdf_input.append(hkdf_suffix); |
| 796 | 797 |
| 797 string* subkey_secret = ¶ms->initial_subkey_secret; | |
| 798 CryptoUtils::Diversification diversification = | 798 CryptoUtils::Diversification diversification = |
| 799 CryptoUtils::Diversification::Never(); | 799 CryptoUtils::Diversification::Never(); |
| 800 if (version > QUIC_VERSION_32) { | 800 if (version > QUIC_VERSION_32) { |
| 801 rand->RandBytes(out_diversification_nonce->data(), | 801 rand->RandBytes(out_diversification_nonce->data(), |
| 802 out_diversification_nonce->size()); | 802 out_diversification_nonce->size()); |
| 803 diversification = | 803 diversification = |
| 804 CryptoUtils::Diversification::Now(out_diversification_nonce); | 804 CryptoUtils::Diversification::Now(out_diversification_nonce); |
| 805 } | 805 } |
| 806 | 806 |
| 807 if (!CryptoUtils::DeriveKeys(params->initial_premaster_secret, params->aead, | 807 if (!CryptoUtils::DeriveKeys(params->initial_premaster_secret, params->aead, |
| 808 info.client_nonce, info.server_nonce, hkdf_input, | 808 info.client_nonce, info.server_nonce, hkdf_input, |
| 809 Perspective::IS_SERVER, diversification, | 809 Perspective::IS_SERVER, diversification, |
| 810 ¶ms->initial_crypters, subkey_secret)) { | 810 ¶ms->initial_crypters, |
| 811 ¶ms->initial_subkey_secret)) { |
| 811 *error_details = "Symmetric key setup failed"; | 812 *error_details = "Symmetric key setup failed"; |
| 812 return QUIC_CRYPTO_SYMMETRIC_KEY_SETUP_FAILED; | 813 return QUIC_CRYPTO_SYMMETRIC_KEY_SETUP_FAILED; |
| 813 } | 814 } |
| 814 | 815 |
| 815 string forward_secure_public_value; | 816 string forward_secure_public_value; |
| 816 if (ephemeral_key_source_.get()) { | 817 if (ephemeral_key_source_.get()) { |
| 817 params->forward_secure_premaster_secret = | 818 params->forward_secure_premaster_secret = |
| 818 ephemeral_key_source_->CalculateForwardSecureKey( | 819 ephemeral_key_source_->CalculateForwardSecureKey( |
| 819 key_exchange, rand, clock->ApproximateNow(), public_value, | 820 key_exchange, rand, clock->ApproximateNow(), public_value, |
| 820 &forward_secure_public_value); | 821 &forward_secure_public_value); |
| (...skipping 162 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 983 << QuicUtils::HexEncode( | 984 << QuicUtils::HexEncode( |
| 984 reinterpret_cast<const char*>(primary_config_->orbit), | 985 reinterpret_cast<const char*>(primary_config_->orbit), |
| 985 kOrbitSize) | 986 kOrbitSize) |
| 986 << " scid: " << QuicUtils::HexEncode(primary_config_->id); | 987 << " scid: " << QuicUtils::HexEncode(primary_config_->id); |
| 987 next_config_promotion_time_ = QuicWallTime::Zero(); | 988 next_config_promotion_time_ = QuicWallTime::Zero(); |
| 988 if (primary_config_changed_cb_.get() != nullptr) { | 989 if (primary_config_changed_cb_.get() != nullptr) { |
| 989 primary_config_changed_cb_->Run(primary_config_->id); | 990 primary_config_changed_cb_->Run(primary_config_->id); |
| 990 } | 991 } |
| 991 } | 992 } |
| 992 | 993 |
| 993 class EvaluateClientHelloCallback : public ProofSource::Callback { | 994 class QuicCryptoServerConfig::EvaluateClientHelloCallback |
| 995 : public ProofSource::Callback { |
| 994 public: | 996 public: |
| 995 EvaluateClientHelloCallback( | 997 EvaluateClientHelloCallback( |
| 996 const QuicCryptoServerConfig& config, | 998 const QuicCryptoServerConfig& config, |
| 997 bool found_error, | 999 bool found_error, |
| 998 const IPAddress& server_ip, | 1000 const IPAddress& server_ip, |
| 999 QuicVersion version, | 1001 QuicVersion version, |
| 1000 const uint8_t* primary_orbit, | 1002 const uint8_t* primary_orbit, |
| 1001 scoped_refptr<QuicCryptoServerConfig::Config> requested_config, | 1003 scoped_refptr<QuicCryptoServerConfig::Config> requested_config, |
| 1002 scoped_refptr<QuicCryptoServerConfig::Config> primary_config, | 1004 scoped_refptr<QuicCryptoServerConfig::Config> primary_config, |
| 1003 QuicCryptoProof* crypto_proof, | 1005 QuicCryptoProof* crypto_proof, |
| 1004 std::unique_ptr<ValidateClientHelloResultCallback::Result> | 1006 scoped_refptr<ValidateClientHelloResultCallback::Result> |
| 1005 client_hello_state, | 1007 client_hello_state, |
| 1006 std::unique_ptr<ValidateClientHelloResultCallback> done_cb) | 1008 std::unique_ptr<ValidateClientHelloResultCallback> done_cb) |
| 1007 : config_(config), | 1009 : config_(config), |
| 1008 found_error_(found_error), | 1010 found_error_(found_error), |
| 1009 server_ip_(server_ip), | 1011 server_ip_(server_ip), |
| 1010 version_(version), | 1012 version_(version), |
| 1011 primary_orbit_(primary_orbit), | 1013 primary_orbit_(primary_orbit), |
| 1012 requested_config_(std::move(requested_config)), | 1014 requested_config_(std::move(requested_config)), |
| 1013 primary_config_(std::move(primary_config)), | 1015 primary_config_(std::move(primary_config)), |
| 1014 crypto_proof_(crypto_proof), | 1016 crypto_proof_(crypto_proof), |
| (...skipping 18 matching lines...) Expand all Loading... |
| 1033 | 1035 |
| 1034 private: | 1036 private: |
| 1035 const QuicCryptoServerConfig& config_; | 1037 const QuicCryptoServerConfig& config_; |
| 1036 const bool found_error_; | 1038 const bool found_error_; |
| 1037 const IPAddress& server_ip_; | 1039 const IPAddress& server_ip_; |
| 1038 const QuicVersion version_; | 1040 const QuicVersion version_; |
| 1039 const uint8_t* primary_orbit_; | 1041 const uint8_t* primary_orbit_; |
| 1040 const scoped_refptr<QuicCryptoServerConfig::Config> requested_config_; | 1042 const scoped_refptr<QuicCryptoServerConfig::Config> requested_config_; |
| 1041 const scoped_refptr<QuicCryptoServerConfig::Config> primary_config_; | 1043 const scoped_refptr<QuicCryptoServerConfig::Config> primary_config_; |
| 1042 QuicCryptoProof* crypto_proof_; | 1044 QuicCryptoProof* crypto_proof_; |
| 1043 std::unique_ptr<ValidateClientHelloResultCallback::Result> | 1045 scoped_refptr<ValidateClientHelloResultCallback::Result> client_hello_state_; |
| 1044 client_hello_state_; | |
| 1045 std::unique_ptr<ValidateClientHelloResultCallback> done_cb_; | 1046 std::unique_ptr<ValidateClientHelloResultCallback> done_cb_; |
| 1046 }; | 1047 }; |
| 1047 | 1048 |
| 1048 void QuicCryptoServerConfig::EvaluateClientHello( | 1049 void QuicCryptoServerConfig::EvaluateClientHello( |
| 1049 const IPAddress& server_ip, | 1050 const IPAddress& server_ip, |
| 1050 QuicVersion version, | 1051 QuicVersion version, |
| 1051 const uint8_t* primary_orbit, | 1052 const uint8_t* primary_orbit, |
| 1052 scoped_refptr<Config> requested_config, | 1053 scoped_refptr<Config> requested_config, |
| 1053 scoped_refptr<Config> primary_config, | 1054 scoped_refptr<Config> primary_config, |
| 1054 QuicCryptoProof* crypto_proof, | 1055 QuicCryptoProof* crypto_proof, |
| 1055 std::unique_ptr<ValidateClientHelloResultCallback::Result> | 1056 scoped_refptr<ValidateClientHelloResultCallback::Result> client_hello_state, |
| 1056 client_hello_state, | |
| 1057 std::unique_ptr<ValidateClientHelloResultCallback> done_cb) const { | 1057 std::unique_ptr<ValidateClientHelloResultCallback> done_cb) const { |
| 1058 ValidateClientHelloHelper helper(&client_hello_state, &done_cb); | 1058 ValidateClientHelloHelper helper(client_hello_state, &done_cb); |
| 1059 | 1059 |
| 1060 const CryptoHandshakeMessage& client_hello = client_hello_state->client_hello; | 1060 const CryptoHandshakeMessage& client_hello = client_hello_state->client_hello; |
| 1061 ClientHelloInfo* info = &(client_hello_state->info); | 1061 ClientHelloInfo* info = &(client_hello_state->info); |
| 1062 | 1062 |
| 1063 if (client_hello.size() < kClientHelloMinimumSize) { | 1063 if (client_hello.size() < kClientHelloMinimumSize) { |
| 1064 helper.ValidationComplete(QUIC_CRYPTO_INVALID_VALUE_LENGTH, | 1064 helper.ValidationComplete(QUIC_CRYPTO_INVALID_VALUE_LENGTH, |
| 1065 "Client hello too small", nullptr); | 1065 "Client hello too small", nullptr); |
| 1066 return; | 1066 return; |
| 1067 } | 1067 } |
| 1068 | 1068 |
| (...skipping 94 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1163 void QuicCryptoServerConfig::EvaluateClientHelloAfterGetProof( | 1163 void QuicCryptoServerConfig::EvaluateClientHelloAfterGetProof( |
| 1164 bool found_error, | 1164 bool found_error, |
| 1165 const IPAddress& server_ip, | 1165 const IPAddress& server_ip, |
| 1166 QuicVersion version, | 1166 QuicVersion version, |
| 1167 const uint8_t* primary_orbit, | 1167 const uint8_t* primary_orbit, |
| 1168 scoped_refptr<Config> requested_config, | 1168 scoped_refptr<Config> requested_config, |
| 1169 scoped_refptr<Config> primary_config, | 1169 scoped_refptr<Config> primary_config, |
| 1170 QuicCryptoProof* crypto_proof, | 1170 QuicCryptoProof* crypto_proof, |
| 1171 std::unique_ptr<ProofSource::Details> proof_source_details, | 1171 std::unique_ptr<ProofSource::Details> proof_source_details, |
| 1172 bool get_proof_failed, | 1172 bool get_proof_failed, |
| 1173 std::unique_ptr<ValidateClientHelloResultCallback::Result> | 1173 scoped_refptr<ValidateClientHelloResultCallback::Result> client_hello_state, |
| 1174 client_hello_state, | |
| 1175 std::unique_ptr<ValidateClientHelloResultCallback> done_cb) const { | 1174 std::unique_ptr<ValidateClientHelloResultCallback> done_cb) const { |
| 1176 ValidateClientHelloHelper helper(&client_hello_state, &done_cb); | 1175 ValidateClientHelloHelper helper(client_hello_state, &done_cb); |
| 1177 const CryptoHandshakeMessage& client_hello = client_hello_state->client_hello; | 1176 const CryptoHandshakeMessage& client_hello = client_hello_state->client_hello; |
| 1178 ClientHelloInfo* info = &(client_hello_state->info); | 1177 ClientHelloInfo* info = &(client_hello_state->info); |
| 1179 | 1178 |
| 1180 if (get_proof_failed) { | 1179 if (get_proof_failed) { |
| 1181 found_error = true; | 1180 found_error = true; |
| 1182 info->reject_reasons.push_back(SERVER_CONFIG_UNKNOWN_CONFIG_FAILURE); | 1181 info->reject_reasons.push_back(SERVER_CONFIG_UNKNOWN_CONFIG_FAILURE); |
| 1183 } | 1182 } |
| 1184 | 1183 |
| 1185 if (!ValidateExpectedLeafCertificate(client_hello, *crypto_proof)) { | 1184 if (!ValidateExpectedLeafCertificate(client_hello, *crypto_proof)) { |
| 1186 found_error = true; | 1185 found_error = true; |
| (...skipping 132 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1319 } | 1318 } |
| 1320 | 1319 |
| 1321 const string compressed = CompressChain( | 1320 const string compressed = CompressChain( |
| 1322 compressed_certs_cache, chain, params.client_common_set_hashes, | 1321 compressed_certs_cache, chain, params.client_common_set_hashes, |
| 1323 params.client_cached_cert_hashes, common_cert_sets); | 1322 params.client_cached_cert_hashes, common_cert_sets); |
| 1324 | 1323 |
| 1325 out->SetStringPiece(kCertificateTag, compressed); | 1324 out->SetStringPiece(kCertificateTag, compressed); |
| 1326 out->SetStringPiece(kPROF, signature); | 1325 out->SetStringPiece(kPROF, signature); |
| 1327 if (params.sct_supported_by_client && enable_serving_sct_) { | 1326 if (params.sct_supported_by_client && enable_serving_sct_) { |
| 1328 if (cert_sct.empty()) { | 1327 if (cert_sct.empty()) { |
| 1329 DLOG(WARNING) << "SCT is expected but it is empty."; | 1328 DLOG(WARNING) << "SCT is expected but it is empty. sni: " << params.sni |
| 1329 << " server_ip: " << server_ip.ToString(); |
| 1330 } else { | 1330 } else { |
| 1331 out->SetStringPiece(kCertificateSCTTag, cert_sct); | 1331 out->SetStringPiece(kCertificateSCTTag, cert_sct); |
| 1332 } | 1332 } |
| 1333 } | 1333 } |
| 1334 return true; | 1334 return true; |
| 1335 } | 1335 } |
| 1336 | 1336 |
| 1337 void QuicCryptoServerConfig::BuildServerConfigUpdateMessage( | 1337 void QuicCryptoServerConfig::BuildServerConfigUpdateMessage( |
| 1338 QuicVersion version, | 1338 QuicVersion version, |
| 1339 StringPiece chlo_hash, | 1339 StringPiece chlo_hash, |
| (...skipping 731 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2071 priority(0), | 2071 priority(0), |
| 2072 source_address_token_boxer(nullptr) {} | 2072 source_address_token_boxer(nullptr) {} |
| 2073 | 2073 |
| 2074 QuicCryptoServerConfig::Config::~Config() { | 2074 QuicCryptoServerConfig::Config::~Config() { |
| 2075 base::STLDeleteElements(&key_exchanges); | 2075 base::STLDeleteElements(&key_exchanges); |
| 2076 } | 2076 } |
| 2077 | 2077 |
| 2078 QuicCryptoProof::QuicCryptoProof() {} | 2078 QuicCryptoProof::QuicCryptoProof() {} |
| 2079 QuicCryptoProof::~QuicCryptoProof() {} | 2079 QuicCryptoProof::~QuicCryptoProof() {} |
| 2080 } // namespace net | 2080 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2359503003:
Landing Recent QUIC changes until 9:58 AM, Sep 17, 2016 UTC (Closed)
