| OLD | NEW |
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/quic/core/crypto/quic_crypto_server_config.h" | 5 #include "net/quic/core/crypto/quic_crypto_server_config.h" |
| 6 | 6 |
| 7 #include <stdlib.h> | 7 #include <stdlib.h> |
| 8 | 8 |
| 9 #include <algorithm> | 9 #include <algorithm> |
| 10 #include <memory> | 10 #include <memory> |
| (...skipping 1383 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1394 common_cert_sets = primary_config_->common_cert_sets; | 1394 common_cert_sets = primary_config_->common_cert_sets; |
| 1395 expiry_time = primary_config_->expiry_time; | 1395 expiry_time = primary_config_->expiry_time; |
| 1396 source_address_token = NewSourceAddressToken( | 1396 source_address_token = NewSourceAddressToken( |
| 1397 *primary_config_, previous_source_address_tokens, client_ip, rand, | 1397 *primary_config_, previous_source_address_tokens, client_ip, rand, |
| 1398 clock->WallNow(), cached_network_params); | 1398 clock->WallNow(), cached_network_params); |
| 1399 } | 1399 } |
| 1400 | 1400 |
| 1401 out->set_tag(kSCUP); | 1401 out->set_tag(kSCUP); |
| 1402 out->SetStringPiece(kSCFG, serialized); | 1402 out->SetStringPiece(kSCFG, serialized); |
| 1403 out->SetStringPiece(kSourceAddressTokenTag, source_address_token); | 1403 out->SetStringPiece(kSourceAddressTokenTag, source_address_token); |
| 1404 if (FLAGS_quic_send_scfg_ttl) { | 1404 out->SetValue(kSTTL, |
| 1405 out->SetValue(kSTTL, | 1405 expiry_time.AbsoluteDifference(clock->WallNow()).ToSeconds()); |
| 1406 expiry_time.AbsoluteDifference(clock->WallNow()).ToSeconds()); | |
| 1407 } | |
| 1408 | 1406 |
| 1409 scoped_refptr<ProofSource::Chain> chain; | 1407 scoped_refptr<ProofSource::Chain> chain; |
| 1410 string signature; | 1408 string signature; |
| 1411 string cert_sct; | 1409 string cert_sct; |
| 1412 if (!proof_source_->GetProof(server_ip, params.sni, serialized, version, | 1410 if (!proof_source_->GetProof(server_ip, params.sni, serialized, version, |
| 1413 chlo_hash, &chain, &signature, &cert_sct)) { | 1411 chlo_hash, &chain, &signature, &cert_sct)) { |
| 1414 DVLOG(1) << "Server: failed to get proof."; | 1412 DVLOG(1) << "Server: failed to get proof."; |
| 1415 return false; | 1413 return false; |
| 1416 } | 1414 } |
| 1417 | 1415 |
| (...skipping 146 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1564 out->set_tag(kSREJ); | 1562 out->set_tag(kSREJ); |
| 1565 out->SetValue(kRCID, server_designated_connection_id); | 1563 out->SetValue(kRCID, server_designated_connection_id); |
| 1566 } else { | 1564 } else { |
| 1567 out->set_tag(kREJ); | 1565 out->set_tag(kREJ); |
| 1568 } | 1566 } |
| 1569 out->SetStringPiece(kSCFG, config.serialized); | 1567 out->SetStringPiece(kSCFG, config.serialized); |
| 1570 out->SetStringPiece( | 1568 out->SetStringPiece( |
| 1571 kSourceAddressTokenTag, | 1569 kSourceAddressTokenTag, |
| 1572 NewSourceAddressToken(config, info.source_address_tokens, info.client_ip, | 1570 NewSourceAddressToken(config, info.source_address_tokens, info.client_ip, |
| 1573 rand, info.now, &cached_network_params)); | 1571 rand, info.now, &cached_network_params)); |
| 1574 if (FLAGS_quic_send_scfg_ttl) { | 1572 out->SetValue(kSTTL, config.expiry_time.AbsoluteDifference(now).ToSeconds()); |
| 1575 out->SetValue(kSTTL, | |
| 1576 config.expiry_time.AbsoluteDifference(now).ToSeconds()); | |
| 1577 } | |
| 1578 if (replay_protection_) { | 1573 if (replay_protection_) { |
| 1579 out->SetStringPiece(kServerNonceTag, NewServerNonce(rand, info.now)); | 1574 out->SetStringPiece(kServerNonceTag, NewServerNonce(rand, info.now)); |
| 1580 } | 1575 } |
| 1581 | 1576 |
| 1582 // Send client the reject reason for debugging purposes. | 1577 // Send client the reject reason for debugging purposes. |
| 1583 DCHECK_LT(0u, info.reject_reasons.size()); | 1578 DCHECK_LT(0u, info.reject_reasons.size()); |
| 1584 out->SetVector(kRREJ, info.reject_reasons); | 1579 out->SetVector(kRREJ, info.reject_reasons); |
| 1585 | 1580 |
| 1586 // The client may have requested a certificate chain. | 1581 // The client may have requested a certificate chain. |
| 1587 if (!ClientDemandsX509Proof(client_hello)) { | 1582 if (!ClientDemandsX509Proof(client_hello)) { |
| (...skipping 237 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1825 for (const KeyExchange* key_exchange : config->key_exchanges) { | 1820 for (const KeyExchange* key_exchange : config->key_exchanges) { |
| 1826 if (key_exchange->tag() == tag) { | 1821 if (key_exchange->tag() == tag) { |
| 1827 LOG(WARNING) << "Duplicate key exchange in config: " << tag; | 1822 LOG(WARNING) << "Duplicate key exchange in config: " << tag; |
| 1828 return nullptr; | 1823 return nullptr; |
| 1829 } | 1824 } |
| 1830 } | 1825 } |
| 1831 | 1826 |
| 1832 config->key_exchanges.push_back(ka.release()); | 1827 config->key_exchanges.push_back(ka.release()); |
| 1833 } | 1828 } |
| 1834 | 1829 |
| 1835 if (FLAGS_quic_send_scfg_ttl) { | 1830 uint64_t expiry_seconds; |
| 1836 uint64_t expiry_seconds; | 1831 if (msg->GetUint64(kEXPY, &expiry_seconds) != QUIC_NO_ERROR) { |
| 1837 if (msg->GetUint64(kEXPY, &expiry_seconds) != QUIC_NO_ERROR) { | 1832 LOG(WARNING) << "Server config message is missing EXPY"; |
| 1838 LOG(WARNING) << "Server config message is missing EXPY"; | 1833 return nullptr; |
| 1839 return nullptr; | |
| 1840 } | |
| 1841 config->expiry_time = QuicWallTime::FromUNIXSeconds(expiry_seconds); | |
| 1842 } | 1834 } |
| 1835 config->expiry_time = QuicWallTime::FromUNIXSeconds(expiry_seconds); |
| 1843 | 1836 |
| 1844 return config; | 1837 return config; |
| 1845 } | 1838 } |
| 1846 | 1839 |
| 1847 void QuicCryptoServerConfig::SetEphemeralKeySource( | 1840 void QuicCryptoServerConfig::SetEphemeralKeySource( |
| 1848 EphemeralKeySource* ephemeral_key_source) { | 1841 EphemeralKeySource* ephemeral_key_source) { |
| 1849 ephemeral_key_source_.reset(ephemeral_key_source); | 1842 ephemeral_key_source_.reset(ephemeral_key_source); |
| 1850 } | 1843 } |
| 1851 | 1844 |
| 1852 void QuicCryptoServerConfig::SetStrikeRegisterClient( | 1845 void QuicCryptoServerConfig::SetStrikeRegisterClient( |
| (...skipping 309 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2162 priority(0), | 2155 priority(0), |
| 2163 source_address_token_boxer(nullptr) {} | 2156 source_address_token_boxer(nullptr) {} |
| 2164 | 2157 |
| 2165 QuicCryptoServerConfig::Config::~Config() { | 2158 QuicCryptoServerConfig::Config::~Config() { |
| 2166 base::STLDeleteElements(&key_exchanges); | 2159 base::STLDeleteElements(&key_exchanges); |
| 2167 } | 2160 } |
| 2168 | 2161 |
| 2169 QuicCryptoProof::QuicCryptoProof() {} | 2162 QuicCryptoProof::QuicCryptoProof() {} |
| 2170 QuicCryptoProof::~QuicCryptoProof() {} | 2163 QuicCryptoProof::~QuicCryptoProof() {} |
| 2171 } // namespace net | 2164 } // namespace net |
| OLD | NEW |