| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/quic/core/crypto/quic_crypto_server_config.h" | 5 #include "net/quic/core/crypto/quic_crypto_server_config.h" |
| 6 | 6 |
| 7 #include <stdlib.h> | 7 #include <stdlib.h> |
| 8 | 8 |
| 9 #include <algorithm> | 9 #include <algorithm> |
| 10 #include <memory> | 10 #include <memory> |
| (...skipping 497 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 508 std::unique_ptr<ValidateClientHelloResultCallback> done_cb) const { | 508 std::unique_ptr<ValidateClientHelloResultCallback> done_cb) const { |
| 509 const QuicWallTime now(clock->WallNow()); | 509 const QuicWallTime now(clock->WallNow()); |
| 510 | 510 |
| 511 scoped_refptr<ValidateClientHelloResultCallback::Result> result( | 511 scoped_refptr<ValidateClientHelloResultCallback::Result> result( |
| 512 new ValidateClientHelloResultCallback::Result(client_hello, client_ip, | 512 new ValidateClientHelloResultCallback::Result(client_hello, client_ip, |
| 513 now)); | 513 now)); |
| 514 | 514 |
| 515 StringPiece requested_scid; | 515 StringPiece requested_scid; |
| 516 client_hello.GetStringPiece(kSCID, &requested_scid); | 516 client_hello.GetStringPiece(kSCID, &requested_scid); |
| 517 | 517 |
| 518 uint8_t primary_orbit[kOrbitSize]; | |
| 519 scoped_refptr<Config> requested_config; | 518 scoped_refptr<Config> requested_config; |
| 520 scoped_refptr<Config> primary_config; | 519 scoped_refptr<Config> primary_config; |
| 521 { | 520 { |
| 522 base::AutoLock locked(configs_lock_); | 521 base::AutoLock locked(configs_lock_); |
| 523 | 522 |
| 524 if (!primary_config_.get()) { | 523 if (!primary_config_.get()) { |
| 525 result->error_code = QUIC_CRYPTO_INTERNAL_ERROR; | 524 result->error_code = QUIC_CRYPTO_INTERNAL_ERROR; |
| 526 result->error_details = "No configurations loaded"; | 525 result->error_details = "No configurations loaded"; |
| 527 } else { | 526 } else { |
| 528 if (!next_config_promotion_time_.IsZero() && | 527 if (!next_config_promotion_time_.IsZero() && |
| 529 next_config_promotion_time_.IsAfter(now)) { | 528 next_config_promotion_time_.IsAfter(now)) { |
| 530 SelectNewPrimaryConfig(now); | 529 SelectNewPrimaryConfig(now); |
| 531 DCHECK(primary_config_.get()); | 530 DCHECK(primary_config_.get()); |
| 532 DCHECK_EQ(configs_.find(primary_config_->id)->second, primary_config_); | 531 DCHECK_EQ(configs_.find(primary_config_->id)->second, primary_config_); |
| 533 } | 532 } |
| 534 | |
| 535 memcpy(primary_orbit, primary_config_->orbit, sizeof(primary_orbit)); | |
| 536 } | 533 } |
| 537 | 534 |
| 538 requested_config = GetConfigWithScid(requested_scid); | 535 requested_config = GetConfigWithScid(requested_scid); |
| 539 primary_config = primary_config_; | 536 primary_config = primary_config_; |
| 540 crypto_proof->config = primary_config_; | 537 crypto_proof->config = primary_config_; |
| 541 } | 538 } |
| 542 | 539 |
| 543 if (result->error_code == QUIC_NO_ERROR) { | 540 if (result->error_code == QUIC_NO_ERROR) { |
| 544 // QUIC requires a new proof for each CHLO so clear any existing proof. | 541 // QUIC requires a new proof for each CHLO so clear any existing proof. |
| 545 crypto_proof->chain = nullptr; | 542 crypto_proof->chain = nullptr; |
| 546 crypto_proof->signature = ""; | 543 crypto_proof->signature = ""; |
| 547 crypto_proof->cert_sct = ""; | 544 crypto_proof->cert_sct = ""; |
| 548 EvaluateClientHello(server_ip, version, primary_orbit, requested_config, | 545 EvaluateClientHello(server_ip, version, requested_config, primary_config, |
| 549 primary_config, crypto_proof, result, | 546 crypto_proof, result, std::move(done_cb)); |
| 550 std::move(done_cb)); | |
| 551 } else { | 547 } else { |
| 552 done_cb->Run(result, /* details = */ nullptr); | 548 done_cb->Run(result, /* details = */ nullptr); |
| 553 } | 549 } |
| 554 } | 550 } |
| 555 | 551 |
| 556 class ProcessClientHelloHelper { | 552 class ProcessClientHelloHelper { |
| 557 public: | 553 public: |
| 558 explicit ProcessClientHelloHelper( | 554 explicit ProcessClientHelloHelper( |
| 559 std::unique_ptr<ProcessClientHelloResultCallback>* done_cb) | 555 std::unique_ptr<ProcessClientHelloResultCallback>* done_cb) |
| 560 : done_cb_(done_cb) {} | 556 : done_cb_(done_cb) {} |
| (...skipping 632 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1193 } | 1189 } |
| 1194 | 1190 |
| 1195 class QuicCryptoServerConfig::EvaluateClientHelloCallback | 1191 class QuicCryptoServerConfig::EvaluateClientHelloCallback |
| 1196 : public ProofSource::Callback { | 1192 : public ProofSource::Callback { |
| 1197 public: | 1193 public: |
| 1198 EvaluateClientHelloCallback( | 1194 EvaluateClientHelloCallback( |
| 1199 const QuicCryptoServerConfig& config, | 1195 const QuicCryptoServerConfig& config, |
| 1200 bool found_error, | 1196 bool found_error, |
| 1201 const IPAddress& server_ip, | 1197 const IPAddress& server_ip, |
| 1202 QuicVersion version, | 1198 QuicVersion version, |
| 1203 const uint8_t* primary_orbit, | |
| 1204 scoped_refptr<QuicCryptoServerConfig::Config> requested_config, | 1199 scoped_refptr<QuicCryptoServerConfig::Config> requested_config, |
| 1205 scoped_refptr<QuicCryptoServerConfig::Config> primary_config, | 1200 scoped_refptr<QuicCryptoServerConfig::Config> primary_config, |
| 1206 QuicCryptoProof* crypto_proof, | 1201 QuicCryptoProof* crypto_proof, |
| 1207 scoped_refptr<ValidateClientHelloResultCallback::Result> | 1202 scoped_refptr<ValidateClientHelloResultCallback::Result> |
| 1208 client_hello_state, | 1203 client_hello_state, |
| 1209 std::unique_ptr<ValidateClientHelloResultCallback> done_cb) | 1204 std::unique_ptr<ValidateClientHelloResultCallback> done_cb) |
| 1210 : config_(config), | 1205 : config_(config), |
| 1211 found_error_(found_error), | 1206 found_error_(found_error), |
| 1212 server_ip_(server_ip), | 1207 server_ip_(server_ip), |
| 1213 version_(version), | 1208 version_(version), |
| 1214 primary_orbit_(primary_orbit), | |
| 1215 requested_config_(std::move(requested_config)), | 1209 requested_config_(std::move(requested_config)), |
| 1216 primary_config_(std::move(primary_config)), | 1210 primary_config_(std::move(primary_config)), |
| 1217 crypto_proof_(crypto_proof), | 1211 crypto_proof_(crypto_proof), |
| 1218 client_hello_state_(std::move(client_hello_state)), | 1212 client_hello_state_(std::move(client_hello_state)), |
| 1219 done_cb_(std::move(done_cb)) {} | 1213 done_cb_(std::move(done_cb)) {} |
| 1220 | 1214 |
| 1221 void Run(bool ok, | 1215 void Run(bool ok, |
| 1222 const scoped_refptr<ProofSource::Chain>& chain, | 1216 const scoped_refptr<ProofSource::Chain>& chain, |
| 1223 const string& signature, | 1217 const string& signature, |
| 1224 const string& leaf_cert_sct, | 1218 const string& leaf_cert_sct, |
| 1225 std::unique_ptr<ProofSource::Details> details) override { | 1219 std::unique_ptr<ProofSource::Details> details) override { |
| 1226 if (ok) { | 1220 if (ok) { |
| 1227 crypto_proof_->chain = chain; | 1221 crypto_proof_->chain = chain; |
| 1228 crypto_proof_->signature = signature; | 1222 crypto_proof_->signature = signature; |
| 1229 crypto_proof_->cert_sct = leaf_cert_sct; | 1223 crypto_proof_->cert_sct = leaf_cert_sct; |
| 1230 } | 1224 } |
| 1231 config_.EvaluateClientHelloAfterGetProof( | 1225 config_.EvaluateClientHelloAfterGetProof( |
| 1232 found_error_, server_ip_, version_, primary_orbit_, requested_config_, | 1226 found_error_, server_ip_, version_, requested_config_, primary_config_, |
| 1233 primary_config_, crypto_proof_, std::move(details), !ok, | 1227 crypto_proof_, std::move(details), !ok, client_hello_state_, |
| 1234 client_hello_state_, std::move(done_cb_)); | 1228 std::move(done_cb_)); |
| 1235 } | 1229 } |
| 1236 | 1230 |
| 1237 private: | 1231 private: |
| 1238 const QuicCryptoServerConfig& config_; | 1232 const QuicCryptoServerConfig& config_; |
| 1239 const bool found_error_; | 1233 const bool found_error_; |
| 1240 const IPAddress& server_ip_; | 1234 const IPAddress& server_ip_; |
| 1241 const QuicVersion version_; | 1235 const QuicVersion version_; |
| 1242 const uint8_t* primary_orbit_; | |
| 1243 const scoped_refptr<QuicCryptoServerConfig::Config> requested_config_; | 1236 const scoped_refptr<QuicCryptoServerConfig::Config> requested_config_; |
| 1244 const scoped_refptr<QuicCryptoServerConfig::Config> primary_config_; | 1237 const scoped_refptr<QuicCryptoServerConfig::Config> primary_config_; |
| 1245 QuicCryptoProof* crypto_proof_; | 1238 QuicCryptoProof* crypto_proof_; |
| 1246 scoped_refptr<ValidateClientHelloResultCallback::Result> client_hello_state_; | 1239 scoped_refptr<ValidateClientHelloResultCallback::Result> client_hello_state_; |
| 1247 std::unique_ptr<ValidateClientHelloResultCallback> done_cb_; | 1240 std::unique_ptr<ValidateClientHelloResultCallback> done_cb_; |
| 1248 }; | 1241 }; |
| 1249 | 1242 |
| 1250 void QuicCryptoServerConfig::EvaluateClientHello( | 1243 void QuicCryptoServerConfig::EvaluateClientHello( |
| 1251 const IPAddress& server_ip, | 1244 const IPAddress& server_ip, |
| 1252 QuicVersion version, | 1245 QuicVersion version, |
| 1253 const uint8_t* primary_orbit, | |
| 1254 scoped_refptr<Config> requested_config, | 1246 scoped_refptr<Config> requested_config, |
| 1255 scoped_refptr<Config> primary_config, | 1247 scoped_refptr<Config> primary_config, |
| 1256 QuicCryptoProof* crypto_proof, | 1248 QuicCryptoProof* crypto_proof, |
| 1257 scoped_refptr<ValidateClientHelloResultCallback::Result> client_hello_state, | 1249 scoped_refptr<ValidateClientHelloResultCallback::Result> client_hello_state, |
| 1258 std::unique_ptr<ValidateClientHelloResultCallback> done_cb) const { | 1250 std::unique_ptr<ValidateClientHelloResultCallback> done_cb) const { |
| 1259 ValidateClientHelloHelper helper(client_hello_state, &done_cb); | 1251 ValidateClientHelloHelper helper(client_hello_state, &done_cb); |
| 1260 | 1252 |
| 1261 const CryptoHandshakeMessage& client_hello = client_hello_state->client_hello; | 1253 const CryptoHandshakeMessage& client_hello = client_hello_state->client_hello; |
| 1262 ClientHelloInfo* info = &(client_hello_state->info); | 1254 ClientHelloInfo* info = &(client_hello_state->info); |
| 1263 | 1255 |
| (...skipping 61 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1325 string chlo_hash; | 1317 string chlo_hash; |
| 1326 CryptoUtils::HashHandshakeMessage(client_hello, &chlo_hash); | 1318 CryptoUtils::HashHandshakeMessage(client_hello, &chlo_hash); |
| 1327 bool need_proof = true; | 1319 bool need_proof = true; |
| 1328 need_proof = !crypto_proof->chain; | 1320 need_proof = !crypto_proof->chain; |
| 1329 if (FLAGS_enable_async_get_proof) { | 1321 if (FLAGS_enable_async_get_proof) { |
| 1330 if (need_proof) { | 1322 if (need_proof) { |
| 1331 // Make an async call to GetProof and setup the callback to trampoline | 1323 // Make an async call to GetProof and setup the callback to trampoline |
| 1332 // back into EvaluateClientHelloAfterGetProof | 1324 // back into EvaluateClientHelloAfterGetProof |
| 1333 std::unique_ptr<EvaluateClientHelloCallback> cb( | 1325 std::unique_ptr<EvaluateClientHelloCallback> cb( |
| 1334 new EvaluateClientHelloCallback( | 1326 new EvaluateClientHelloCallback( |
| 1335 *this, found_error, server_ip, version, primary_orbit, | 1327 *this, found_error, server_ip, version, requested_config, |
| 1336 requested_config, primary_config, crypto_proof, | 1328 primary_config, crypto_proof, client_hello_state, |
| 1337 client_hello_state, std::move(done_cb))); | 1329 std::move(done_cb))); |
| 1338 proof_source_->GetProof(server_ip, info->sni.as_string(), | 1330 proof_source_->GetProof(server_ip, info->sni.as_string(), |
| 1339 serialized_config, version, chlo_hash, | 1331 serialized_config, version, chlo_hash, |
| 1340 std::move(cb)); | 1332 std::move(cb)); |
| 1341 helper.DetachCallback(); | 1333 helper.DetachCallback(); |
| 1342 return; | 1334 return; |
| 1343 } | 1335 } |
| 1344 } | 1336 } |
| 1345 | 1337 |
| 1346 // No need to get a new proof if one was already generated. | 1338 // No need to get a new proof if one was already generated. |
| 1347 if (need_proof && | 1339 if (need_proof && |
| 1348 !proof_source_->GetProof(server_ip, info->sni.as_string(), | 1340 !proof_source_->GetProof(server_ip, info->sni.as_string(), |
| 1349 serialized_config, version, chlo_hash, | 1341 serialized_config, version, chlo_hash, |
| 1350 &crypto_proof->chain, &crypto_proof->signature, | 1342 &crypto_proof->chain, &crypto_proof->signature, |
| 1351 &crypto_proof->cert_sct)) { | 1343 &crypto_proof->cert_sct)) { |
| 1352 get_proof_failed = true; | 1344 get_proof_failed = true; |
| 1353 } | 1345 } |
| 1354 | 1346 |
| 1355 // Details are null because the synchronous version of GetProof does not | 1347 // Details are null because the synchronous version of GetProof does not |
| 1356 // return any stats. Eventually the synchronous codepath will be eliminated. | 1348 // return any stats. Eventually the synchronous codepath will be eliminated. |
| 1357 EvaluateClientHelloAfterGetProof( | 1349 EvaluateClientHelloAfterGetProof( |
| 1358 found_error, server_ip, version, primary_orbit, requested_config, | 1350 found_error, server_ip, version, requested_config, primary_config, |
| 1359 primary_config, crypto_proof, nullptr /* proof_source_details */, | 1351 crypto_proof, nullptr /* proof_source_details */, get_proof_failed, |
| 1360 get_proof_failed, client_hello_state, std::move(done_cb)); | 1352 client_hello_state, std::move(done_cb)); |
| 1361 helper.DetachCallback(); | 1353 helper.DetachCallback(); |
| 1362 } | 1354 } |
| 1363 | 1355 |
| 1364 void QuicCryptoServerConfig::EvaluateClientHelloAfterGetProof( | 1356 void QuicCryptoServerConfig::EvaluateClientHelloAfterGetProof( |
| 1365 bool found_error, | 1357 bool found_error, |
| 1366 const IPAddress& server_ip, | 1358 const IPAddress& server_ip, |
| 1367 QuicVersion version, | 1359 QuicVersion version, |
| 1368 const uint8_t* primary_orbit, | |
| 1369 scoped_refptr<Config> requested_config, | 1360 scoped_refptr<Config> requested_config, |
| 1370 scoped_refptr<Config> primary_config, | 1361 scoped_refptr<Config> primary_config, |
| 1371 QuicCryptoProof* crypto_proof, | 1362 QuicCryptoProof* crypto_proof, |
| 1372 std::unique_ptr<ProofSource::Details> proof_source_details, | 1363 std::unique_ptr<ProofSource::Details> proof_source_details, |
| 1373 bool get_proof_failed, | 1364 bool get_proof_failed, |
| 1374 scoped_refptr<ValidateClientHelloResultCallback::Result> client_hello_state, | 1365 scoped_refptr<ValidateClientHelloResultCallback::Result> client_hello_state, |
| 1375 std::unique_ptr<ValidateClientHelloResultCallback> done_cb) const { | 1366 std::unique_ptr<ValidateClientHelloResultCallback> done_cb) const { |
| 1376 ValidateClientHelloHelper helper(client_hello_state, &done_cb); | 1367 ValidateClientHelloHelper helper(client_hello_state, &done_cb); |
| 1377 const CryptoHandshakeMessage& client_hello = client_hello_state->client_hello; | 1368 const CryptoHandshakeMessage& client_hello = client_hello_state->client_hello; |
| 1378 ClientHelloInfo* info = &(client_hello_state->info); | 1369 ClientHelloInfo* info = &(client_hello_state->info); |
| (...skipping 879 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2258 priority(0), | 2249 priority(0), |
| 2259 source_address_token_boxer(nullptr) {} | 2250 source_address_token_boxer(nullptr) {} |
| 2260 | 2251 |
| 2261 QuicCryptoServerConfig::Config::~Config() { | 2252 QuicCryptoServerConfig::Config::~Config() { |
| 2262 base::STLDeleteElements(&key_exchanges); | 2253 base::STLDeleteElements(&key_exchanges); |
| 2263 } | 2254 } |
| 2264 | 2255 |
| 2265 QuicCryptoProof::QuicCryptoProof() {} | 2256 QuicCryptoProof::QuicCryptoProof() {} |
| 2266 QuicCryptoProof::~QuicCryptoProof() {} | 2257 QuicCryptoProof::~QuicCryptoProof() {} |
| 2267 } // namespace net | 2258 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2425073002:
Remove unused primary_orbit arguments in QuicCryptoServerConfig (Closed)
